Closed Bug 486251 Opened 16 years ago Closed 16 years ago

Firefox XML XUL parser memory corruption

Categories

(Firefox :: Security, defect)

defect
Not set
critical

Tracking

VERIFIED DUPLICATE of bug 485941

People

(Reporter: samuelmarks, Unassigned)

Attachments

(1 file)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8

Crashes on opening of html - If you like I can host it on my website... Just ask me!

Reproducible: Always

Steps to Reproduce:
1. Download the zip
2. Extract the zip
3. Open poc.html

Actual Results: Crash

Expected Results: Crash - If you like I can host it on my website... Just ask me!
Found on: http://milw0rm.com/exploits/8306 Confirmed by me. Hosted On: http://www.reelix.za.net/KO/Firefox 3.0.8.html
Attached file: Firefox 3.0.8 Crash File (deleted)
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Verified. Note that in fact there is no "XUL" involved, nor memory corruption. All hail people just making stuff up.
Status: RESOLVED → VERIFIED
Thanks for your replies (everyone). Also, thanks for giving me access to the 'duplicate' bug. Boris: What do you think it should be called, this security vulnerability?
It's a stack overflow caused by a deeply nested DOM tree (not to be confused with a stack buffer overflow). See http://en.wikipedia.org/wiki/Stack_overflow It's also not a security vulnerability; it doesn't allow the attacker to run code. It's just a DoS.
Oh, okay. Although DoS's like this could be used the other way around... Crashing Firefox then opening their own hacked version of Firefox...
Um.. if someone can run a hacked version of Firefox on your computer, you just lose. Why would they need to crash the running one? They could just ask it nicely to shut down.
LOL True True
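The distinction drawn in this thread (call-stack exhaustion from deep nesting, not a stack buffer overflow) is commonly addressed by keeping nesting state off the call stack and capping depth. The following is an added example, not Mozilla's code or anything posted in this bug; the simplified tag syntax, `kMaxDepth`, and the function names are assumptions made for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical cap chosen for this example; real parsers pick their own.
constexpr std::size_t kMaxDepth = 200;

enum class Result { Ok, TooDeep, Unbalanced };

// Scans simplified markup made only of <name> and </name> tags. Open
// elements are tracked in a heap-backed vector rather than by recursion,
// so the nesting depth chosen by the document cannot exhaust the call stack.
Result check_nesting(const std::string& doc, std::size_t* max_seen) {
    std::vector<std::string> open;  // explicit stack of open element names
    *max_seen = 0;
    std::size_t i = 0;
    while ((i = doc.find('<', i)) != std::string::npos) {
        const std::size_t end = doc.find('>', i);
        if (end == std::string::npos) return Result::Unbalanced;
        const std::size_t closing = (i + 1 < end && doc[i + 1] == '/') ? 1 : 0;
        const std::string name = doc.substr(i + 1 + closing, end - i - 1 - closing);
        if (closing) {
            if (open.empty() || open.back() != name) return Result::Unbalanced;
            open.pop_back();
        } else {
            if (open.size() >= kMaxDepth) return Result::TooDeep;  // fail closed
            open.push_back(name);
            if (open.size() > *max_seen) *max_seen = open.size();
        }
        i = end + 1;
    }
    return open.empty() ? Result::Ok : Result::Unbalanced;
}

// Constructed sample input: n nested <d> elements.
std::string sample_doc(std::size_t n) {
    std::string s;
    for (std::size_t k = 0; k < n; ++k) s += "<d>";
    for (std::size_t k = 0; k < n; ++k) s += "</d>";
    return s;
}

int main() {
    std::size_t depth = 0;
    const Result r = check_nesting(sample_doc(100000), &depth);
    std::cout << (r == Result::TooDeep ? "rejected: too deep\n" : "accepted\n");
    return 0;
}
```

A tree built from accepted input still needs non-recursive traversal and teardown, since a recursive destructor or visitor reintroduces one stack frame per nesting level.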