Issue 689969 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Owner:	----
Closed:	Feb 2017
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	2
Type:	Bug-Security
allpublic Via-Wizard-Security

XML,XUL parser memory corruption.

Reported by mishra.d...@gmail.com, Feb 8 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0

Steps to reproduce the problem:
1. Open poc.html 
The tab gets crashes and crash ID is generated.
Doesn't works on Linux, gives an error on script, will testing that as well and will try to update the testcase for linux as well. 

What is the expected behavior?

What went wrong?
Crash ID 1a021ffd-ea8f-40af-b7a6-35a2e44f0fa7

Did this work before? N/A 

Chrome version: 	56.0.2924.87 (Official Build) (64-bit)  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 24.0 r0

Comment 1 by mishra.d...@gmail.com, Feb 8 2017

Testcase for Windows.

poc.html
40 bytes View Download

mo.xml
223 KB View Download

Comment 2 by elawrence@chromium.org, Feb 8 2017

Based on the crash stack on the server, this looks like Issue 688010.

Comment 3 by palmer@chromium.org, Feb 8 2017

Mergedinto: 688010
Status: Duplicate (was: Unconfirmed)

Project Member

Comment 4 by sheriffbot@chromium.org, May 18 2017

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 689969 link

Issue metadata

XML,XUL parser memory corruption.

Issue description

Comment 1 by mishra.d...@gmail.com, Feb 8 2017

Comment 1 Deleted

Comment 2 by elawrence@chromium.org, Feb 8 2017

Comment 2 Deleted

Comment 3 by palmer@chromium.org, Feb 8 2017

Comment 3 Deleted

Comment 4 by sheriffbot@chromium.org, May 18 2017

Comment 4 Deleted

Sign in to add a comment