Closed Bug 303819 Opened 19 years ago Closed 17 years ago

Crash if too much text entered in text box that has no max character limit.

Categories

(Firefox :: General, defect)

1.0 Branch
x86
Windows XP
defect
Not set
critical

Tracking

()

RESOLVED INCOMPLETE

People

(Reporter: smeezer, Unassigned)

References

()

Details

(Keywords: crash)

Attachments

(1 file)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6 At the url I have listed, and likely others similar to it, at time of posting the sites creator had not put a character limit on the text box and if you were to copy and paste text into the text box and continue copying and pasting large amounts of text eventually firefox simply crashes. I and several friends have reproduced this effect repeatedly. We have concluded that if you were to use a text area with a javascript to fill it, you could potentially do a weak DOS attack or possibly even execute malicious code. Reproducible: Always Steps to Reproduce: 1. Enter a page with a text box that has no character limit. 2. Using the keyboard command for copy and paste, simply hold down control + v copying large amounts of text into the box Actual Results: Firefox dissapeared and quality agent opened. Expected Results: Continued to accept text until machine limit reached. This bug on a variety of system configurations as my machine is a bit older and my friends also have a variety of older and newer hardware. I'm not expert enough to be sure, but it seems to be a potential security flaw and I will mark it as such, I apologize in advance if I am incorrect in doing so.
Making public because there isn't any information here that isn't already public. See bug 302294 and its other dependencies.
Blocks: longlines
Group: security
Keywords: crash
ok :) thanks... sorry if this wasted your time.
Please provide a talkback ID for the crash. http://kb.mozillazine.org/Talkback
(In reply to comment #3) > Please provide a talkback ID for the crash. http://kb.mozillazine.org/Talkback I wasn't using Agent when this happened so I don't think I have a talkback ID
Attached file Crash dump from Firefox (deleted) —
I opened a phisher site in Foxfire on Windows XP Profesional 2002 service pack 2 and pasted a 2 Meg text line into a password text box. Now whenever I try to type into a text box, the first character shows up and then Foxfire stops responding. I can open a web site and display it, as long as I do not put in any keyboard input. Other browsers (Netscape and IE) still function. I removed foxfire and loaded the latest release, but it still freezes with any input. I prefer to use Foxfire, but no longer runs.
I cannot input text into any text box on any site using Foxfire! It crashes completely. I have attached the crash dump that microsoft generates.
Ronald, that stack is pretty useless. Please install with talkback and post the talkback ID(s) here. http://kb.mozillazine.org/Talkback
Attachment #206343 - Attachment description: Crash dump from Foxfire. → Crash dump from Firefox
-> resolving as incomplete. Ronald, if you can still reproduce this bug with a current build/release, feel free to reopen, please also include a Talback ID, see Adam's comment #7
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → INCOMPLETE
Version: unspecified → 1.0 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: