Closed Bug 939453 Opened 11 years ago Closed 8 years ago

crashing when opening crafted JS webpage

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86_64
Windows
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 537620
Tracking Flags:
Tracking Status
e10s - ---
firefox35 ? ---

People

(Reporter: to_copulate, Unassigned)

References

(
URL
)

Details

(Whiteboard: DUPEME)

Crash Data

Attachments

(1 file)

Break.html
297 bytes, text/html
Details
Attached file Break.html 
User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)

Steps to reproduce:

Simply open the attached html page and it crashes the browser.


Actual results:

Crashes the browser. This is denial of service attack. This happens in all the version of browser way from version 22 to 25.0.1 tested in the windows 7 PC fully patched(14/11/2013)


Expected results:

Should load the page with the text which is mentioned in the write.document
URL: www.firefox-crash.net23.net
Severity: normal → major
Priority: -- → P2
Crash Signature: AdapterDeviceID: 0x0126 AdapterVendorID: 0x8086 Add-ons: translator%40zoli.bod:2.1.0.3,%7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.16,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.5,%7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.43,%7B972ce4c6-7e08-…
It appears this is OOMing the browser but not security sensitive
Group: core-security
Severity: major → normal
Priority: P2 → --
Check the protocol
tracking-e10s: --- → ?
tracking-firefox35: --- → ?
When I have opened the attached HTML page in Firefox latest release(43.0.4) and the latest Nightly(46.0a1), a notification is displayed that a page is slowing down the browser with 2 buttons  "Stop it" and "Wait". I have clicked the "Stop it" button but the whole system freezes, no crash report. Only a system restart will solve the freezing issue.

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Build ID: 20160105164030

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Build ID: 20160111030207

This issue is also reproducible on Windows 8.1.

Regarding this, I will change the Status to NEW and adding the component DOM: Core & HTML.
If anyone considers that the component is not the right one, please change it to a more appropriate one.
Status: UNCONFIRMED → NEW
Component: Untriaged → DOM: Core & HTML
Ever confirmed: true
OS: Windows 7 → Windows
Product: Firefox → Core
Version: 25 Branch → Trunk
This is a duplicate: it's just doubling the size of the DOM a bunch of times (300000 of them, not like you can get that far).  Please find the original and mark this duplicate.
Whiteboard: DUPEME
Hi,

I made some digging in bugzilla and have not managed to find any duplicates for this issue. Maybe I haven't been searching the right thing. Can you provide a link with the main issue so I can update this one as duplicate ?

Thank you,
Vlad
Flags: needinfo?(bzbarsky)
I suggest searching for bugs with "document.write" in the comments and "oom" in the summary, for a start.
Flags: needinfo?(bzbarsky)
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: