Closed Bug 544188 Opened 15 years ago Closed 15 years ago

Stack Exhaustion or null pointer in XUL module.

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 485941

People

(Reporter: jplopezy, Unassigned)

Details

Attachments

(1 file)

malformed web server!
(deleted), text/plain
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729) The vulnerability is caused when a user open a web with many "<a>" tags and the "content type" of the web server is "text/xml. After it, firefox only crash... nothing more. Reproducible: Always Steps to Reproduce: 1.Start the malicious webserver 2.Open the web site with firefox Actual Results: The browser crash, nothing more! Expected Results: firefox should display a classic error of xml caused for a invalid string but not a crash. Talking about security: i do some test, for example in windows always crash on xul module in a null memory address and for this reason i say that maybe is only a (dos,stack exhaustion,null pointer) however, if there are a security issue is on linux, because we know that a null pointer is exploitable but i can't control the memory address... LINUX : libxul.so WIN : xul.dll
Attached file malformed web server! (deleted) —
This web server written in python is for test the vulnerability! you only need give the port number!.
looks like a dupe of bug 485941
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: