List: oss-security
Subject: [oss-security] Re: CVE request: DoS loading a SVG in Firefox
From: Gustavo Grieco <gustavo.grieco () gmail ! com>
Date: 2016-10-26 22:32:03
Message-ID: CACn5sdRcbLd97UmcuPWptce=EC=cJseGoCw0NaxXZaT+Q7g8bw () mail ! gmail ! com
This issue was recently minimized and isolated to the circular use of
xlink:hrefs:
https://bugzilla.mozilla.org/show_bug.cgi?id=1297206#c5
Is a CVE suitable for this DoS?
Regards,
Gustavo.
2016-10-06 12:09 GMT-03:00 Gustavo Grieco <gustavo.grieco@gmail.com>:
> Hello,
>
> Some months ago, we found that just loading this image:
>
> https://dcc.fceia.unr.edu.ar/~ggrieco/oom.svg (518K)
>
> will cause Firefox to consume all your memory. Once you click, you
> cannot stop the constant memory leak. It can take a few minutes
> (we tested on a desktop computer with 16GB). At the end, Firefox will
> abort or it will be terminated by the OS.
>
> At least Firefox 49 and 51 on several platforms are affected. A report
> in the Mozilla bug tracker was filed:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=1297206
>
> Please assign a CVE if suitable.
>
> Regards,
> Gustavo.
>
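
A pre-screening check for the pattern named in the reply above (circular use of xlink:href), as an added example that is not part of the original messages or of Mozilla's fix. The function names and the sample SVG are constructed for illustration, and only same-document `#id` href targets are followed.

```python
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Constructed sample (not the reported file): two gradients referencing each other.
SAMPLE_CYCLIC = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <linearGradient id="a" xlink:href="#b"/>
  <linearGradient id="b" xlink:href="#a"/>
  <rect width="10" height="10" fill="url(#a)"/>
</svg>"""

def build_ref_graph(svg_text):
    """Map each id to the same-document ids it (or a descendant) references."""
    # For untrusted uploads, swap in a hardened XML parser; stdlib keeps this self-contained.
    graph, stack = {}, [(ET.fromstring(svg_text), ())]
    while stack:
        elem, owners = stack.pop()
        if elem.get("id"):
            owners += (elem.get("id"),)
            graph.setdefault(owners[-1], set())
        href = elem.get(XLINK_HREF) or elem.get("href") or ""
        if href.startswith("#"):
            for owner in owners:  # a reference inside <g id="x"> counts for x too
                graph[owner].add(href[1:])
        stack.extend((child, owners) for child in elem)
    return graph

def find_cycle(graph):
    """Return one reference cycle as a list of ids (first == last), or None."""
    done = set()
    for start in sorted(graph):
        if start in done:
            continue
        path, iters = [start], [iter(sorted(graph[start]))]
        while iters:
            for nxt in iters[-1]:
                if nxt in path:
                    return path[path.index(nxt):] + [nxt]
                if nxt in graph and nxt not in done:
                    path.append(nxt)
                    iters.append(iter(sorted(graph[nxt])))
                    break
            else:  # all targets explored without finding a cycle
                done.add(path.pop())
                iters.pop()
    return None

if __name__ == "__main__":
    print(find_cycle(build_ref_graph(SAMPLE_CYCLIC)))
```
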