Closed
Bug 1504414
Opened 6 years ago
Closed 6 years ago
Access violation while reading memory at 0x40 using a NULL pointer. firefox.exe!xul.dll
Categories
(Core :: Spelling checker, defect)
RESOLVED DUPLICATE of bug 1497480
People
(Reporter: b.kurinnoy, Unassigned)
References
Details
(Keywords: crash, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Crash Data
Attachments
(3 files)
The vulnerability was detected by fuzzing.
I used domato, BugId and some scripts.
Fuzzing was done on the latest version of Firefox (63.0.1) on Windows 10 x64.
BugId identified this problem as:
AVR@NULL+0x40 9ad.6e4 @ firefox.exe!xul.dll+0x405FDA2
BugId: AVR@NULL+0x40 9ad.6e4
Location: firefox.exe!xul.dll+0x405FDA2
Description: Access violation while reading memory at 0x40 using a NULL pointer.
Version: firefox.exe: 63.0.1.6877 (x64)
xul.dll: 63.0.1.6877 (x64)
The BugId report and Proof_of_concept.html are in a rar archive (info.rar); info.rar is attached.
Flags: sec-bounty?
Crash Signature: Access violation while reading memory at 0x40 using a NULL pointer. firefox.exe!xul.dll+0x405FDA2
Comment 4•6 years ago
Please don't alter the priority field or set security keywords yourself.
Keywords: sec-high
Priority: P5 → --
Comment 5•6 years ago
Does the crashreporter come up, and if so, can you link to a report corresponding to this crash? (you can find them in about:crashes )
Flags: needinfo?(b.kurinnoy)
(In reply to :Gijs (he/him) from comment #5)
> Does the crashreporter come up, and if so, can you link to a report
> corresponding to this crash? (you can find them in about:crashes )
Ok!) https://crash-stats.mozilla.com/report/index/9d5e5279-2526-4a7e-ad75-e63da0181103
Flags: needinfo?(b.kurinnoy)
Comment 7•6 years ago
The stack looks like bug 1446043 which is supposed to have been fixed by bug 1497480 on Firefox 65 and later. This also looks like a nullptr crash to me, so I think it isn't a security issue. Edgar, can you confirm?
Reporter, can you confirm if you can still reproduce the crash with a copy of Firefox Nightly? ( https://nightly.mozilla.org/ - you may want to use a separate/temp profile to test)
Group: firefox-core-security → dom-core-security
Component: Security → Spelling checker
Flags: needinfo?(echen)
Flags: needinfo?(b.kurinnoy)
Product: Firefox → Core
I can't reproduce this crash in firefox nightly 65.0a1.
Flags: needinfo?(b.kurinnoy)
Comment 9•6 years ago
Yes, it is a nullptr crash and has been fixed by bug 1497480.
Flags: needinfo?(echen)
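The triage call in comments 7 and 9 rests on the "AVR@NULL+0x40" classification in the report: the faulting read lands at address 0x40, which is what you get when a field at offset 0x40 is read through a null object pointer, and on Windows x64 the lowest 64 KiB of a process is never mappable, so such a read can only crash. The C below is an added example, not code from the report, from Mozilla or from BugId; the struct layout, the 64 KiB guard-region constant and the label for non-near-NULL faults are assumptions chosen to illustrate the reasoning, not the real spell-checker object or BugId's exact output for other cases.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an object with a field at offset 0x40.
 * This is NOT the real Firefox spell-checker object; the layout is an
 * assumption chosen so the example reproduces the 0x40 from the report. */
struct spellcheck_state {
    uint8_t  header[0x40];      /* 64 bytes of unrelated fields          */
    uint32_t dictionary_count;  /* lands at offset 0x40 (assumed layout) */
};

/* Windows reserves the lowest 64 KiB of every process as a permanently
 * unmapped guard region, so a read through NULL plus a small offset
 * cannot be steered at attacker-controlled memory; it can only fault. */
#define NULL_GUARD_SIZE 0x10000u

/* Fault address a read of `dictionary_count` through a NULL pointer
 * would produce. offsetof is used instead of an actual NULL dereference
 * so the example can be run without crashing. */
uintptr_t fault_addr_for_null_state(void)
{
    return (uintptr_t)offsetof(struct spellcheck_state, dictionary_count);
}

/* BugId-style label for a read access violation (AVR). Near-NULL faults
 * get "AVR@NULL+0xNN", matching the identifier in the report; anything
 * above the guard region is labelled "AVR@Arbitrary" here, which is this
 * example's own bucket name and needs a human to decide exploitability. */
const char *classify_read_fault(uintptr_t fault_addr, char *out, size_t out_len)
{
    if (fault_addr < NULL_GUARD_SIZE)
        snprintf(out, out_len, "AVR@NULL+0x%llX", (unsigned long long)fault_addr);
    else
        snprintf(out, out_len, "AVR@Arbitrary");
    return out;
}

/* The crash pattern: reading a field without checking the object pointer. */
uint32_t dictionary_count_unchecked(const struct spellcheck_state *s)
{
    return s->dictionary_count;       /* faults at 0x40 when s == NULL */
}

/* The fix pattern a duplicate-of-1497480 style patch would apply:
 * refuse the NULL object instead of dereferencing it. Returns -1 on NULL. */
int dictionary_count_checked(const struct spellcheck_state *s)
{
    if (s == NULL)
        return -1;
    return (int)s->dictionary_count;
}

int main(void)
{
    char label[32];
    uintptr_t addr = fault_addr_for_null_state();
    struct spellcheck_state st = {0};
    st.dictionary_count = 3;

    printf("fault address for NULL object: 0x%llX\n", (unsigned long long)addr);
    printf("classification: %s\n", classify_read_fault(addr, label, sizeof label));
    printf("checked read on NULL: %d, on valid object: %d\n",
           dictionary_count_checked(NULL), dictionary_count_checked(&st));
    return 0;
}
```

The classifier is deliberately coarse: it reproduces the one distinction that drove this bug's resolution (fault address inside the unmappable low region versus anywhere else). A real triager also looks at whether the offset is attacker-controlled, since a large controllable index added to NULL can escape the guard region; a fixed 0x40 field offset cannot.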
Updated•6 years ago
Group: dom-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Updated•6 years ago
Flags: sec-bounty? → sec-bounty-