Security: Write AV crash in Vivaldi Browser (1/4)
Reported by
610c...@gmail.com,
Jun 10 2016
Issue description

VULNERABILITY DETAILS
Described as an output from windbg in details.txt (attached).

VERSION
Vivaldi Browser 1.2 (vivaldi.net)
Operating System: Windows 7 (32bit)

REPRODUCTION CASE
vivaldi.exe poc.swf

Type of crash: Write Access Violation
Crash State: in details.txt

P.S. I'm sending this directly to you because: "(...)With regards to the other issues, even if they are indeed valid in some scenarios, they are very likely to be deep within Chromium or Blink code that we have not altered. Therefore these issues should really be reported upstream to the Chromium project. Thus if there is indeed anything exploitable, fixes will end up in all Chromium derived browsers and products, thus benefiting the widest range of users."
Jun 10 2016
3rd: (gmail said it's a "virus", so password is: 0xdefc5219.0x22b71bb3) This time poc in TIFF format (WriteAV again).
Jun 10 2016
Last write AV poc, TIFF too - below.
Jun 10 2016
In my opinion, the last one (GIF poc) is a DoS, but maybe you will find it useful.
Jun 10 2016
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=5345774556938240
Jun 10 2016
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=4755260040282112
Jun 10 2016
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=5619197090725888
Jun 10 2016
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=6656746030628864
Jun 10 2016
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=5618724442996736
Jun 10 2016
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=5322387654705152
Jun 10 2016
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=6129851925004288
Jun 10 2016
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=4844517329207296
Jun 10 2016
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=5152130671575040
Jun 10 2016
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=5649512765063168
Jun 10 2016
Thanks for the report. Do you have any POC that you've tested with Chrome? (Sorry for the spam - clusterfuzz UI was failing to give a confirmation of upload.)
Jun 10 2016
Thanks for the report, but none of these reproduce on Chrome. If you do narrow this down to code within chrome, and have a repro, please file another bug. Thank you.
Sep 17 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by 610c...@gmail.com, Jun 10 2016: attachment (1.3 MB)