Closed Bug 318109 Opened 19 years ago Closed 19 years ago

IE vulnerability proof-of-concept freezes Firefox

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED DUPLICATE of bug 317334

People

(Reporter: bugzilla, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8) Gecko/20051111 Firefox/1.5

The vulnerability is described here:
http://www.computerterrorism.com/research/ie/ct21-11-2005.htm

Use the URL above to test the proof-of-concept. Upon using any of the two variants, Firefox (both 1.0.7 and 1.5 RC3) freezes and consumes 100% CPU.

Reproducible: Always

Steps to Reproduce:
1. Visit http://www.computerterrorism.com/research/ie/poc.htm
2. Click one of the demos.
3. Freeze.

Actual Results:  
Firefox freezes and must be killed manually.

Expected Results:  
Not freeze and, ideally, warn if there's something wrong with the JS script.

Tests were performed on two different Windows 2000 systems. Additionally, the issue has been raised in the mozillazine forums and other people have been able to confirm it.
See: http://forums.mozillazine.org/viewtopic.php?t=346910

*** This bug has been marked as a duplicate of 317334 ***
Group: security
Status: UNCONFIRMED → RESOLVED
CC list accessible: false
Closed: 19 years ago
Not accessible to reporter
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.