Comments on: Mozilla Firefox Security Bug Not Quite Fixed http://cybernetnews.com/mozilla-firefox-security-bug-not-quite-fixed/ Technology News Sat, 21 Nov 2009 21:30:02 -0600 http://wordpress.org/?v=2.8.6 hourly 1 By: Ryan http://cybernetnews.com/mozilla-firefox-security-bug-not-quite-fixed/comment-page-1/#comment-73193 Ryan Mon, 08 Jan 2007 17:15:25 +0000 http://tech.cybernetnews.com/2006/10/24/mozilla-firefox-security-bug-not-quite-fixed/#comment-73193 I had completely forgotten about this, but the original bug has been fixed as the website says. My Firefox 2.0.0.1 didn't crash on the first one that it mentions but the other one that it says hasn't been fixed. I had completely forgotten about this, but the original bug has been fixed as the website says. My Firefox 2.0.0.1 didn’t crash on the first one that it mentions but the other one that it says hasn’t been fixed.

]]> By: SLA http://cybernetnews.com/mozilla-firefox-security-bug-not-quite-fixed/comment-page-1/#comment-73084 SLA Mon, 08 Jan 2007 09:45:22 +0000 http://tech.cybernetnews.com/2006/10/24/mozilla-firefox-security-bug-not-quite-fixed/#comment-73084 Still works with Firefox 2.0.1. :( Still works with Firefox 2.0.1. :(

]]> By: SLA http://cybernetnews.com/mozilla-firefox-security-bug-not-quite-fixed/comment-page-1/#comment-28882 SLA Wed, 25 Oct 2006 11:52:22 +0000 http://tech.cybernetnews.com/2006/10/24/mozilla-firefox-security-bug-not-quite-fixed/#comment-28882 There is NO software which doesn't need patching in the whole world. Every software needs to be patched sooner or later. This is absolutely normal. All humans' creations are buggy :) There is NO software which doesn’t need patching in the whole world. Every software needs to be patched sooner or later. This is absolutely normal. All humans’ creations are buggy :)

]]> By: Hansen http://cybernetnews.com/mozilla-firefox-security-bug-not-quite-fixed/comment-page-1/#comment-28871 Hansen Wed, 25 Oct 2006 07:57:54 +0000 http://tech.cybernetnews.com/2006/10/24/mozilla-firefox-security-bug-not-quite-fixed/#comment-28871 Hmmm, I don't really know why, but surprisingly it didn't crash my firefox v1.0.7 under Fedora Core 3! Hmmm, I don’t really know why, but surprisingly it didn’t crash my firefox v1.0.7 under Fedora Core 3!

]]> By: netster007x http://cybernetnews.com/mozilla-firefox-security-bug-not-quite-fixed/comment-page-1/#comment-28861 netster007x Wed, 25 Oct 2006 05:27:26 +0000 http://tech.cybernetnews.com/2006/10/24/mozilla-firefox-security-bug-not-quite-fixed/#comment-28861 I've got noscript as well, so to test the site I reluctantly temporarily enabled javascript and yup, crashed as advertised. This really surprises me, and I bet it'll be fixed soon! Kinda sad, though, that this brand new release already needs patching. Fx2 I’ve got noscript as well, so to test the site I reluctantly temporarily enabled javascript and yup, crashed as advertised. This really surprises me, and I bet it’ll be fixed soon! Kinda sad, though, that this brand new release already needs patching.

Fx2

]]> By: SLA http://cybernetnews.com/mozilla-firefox-security-bug-not-quite-fixed/comment-page-1/#comment-28804 SLA Tue, 24 Oct 2006 19:08:48 +0000 http://tech.cybernetnews.com/2006/10/24/mozilla-firefox-security-bug-not-quite-fixed/#comment-28804 <strong>Firefox 3.0 alpha (20061011)</strong> - crashed in 1 second. <strong>IE 7.0 Final Release</strong> - freezes for 5 minutes (eating 50% CPU, and RAM 135MB/5min), then I killed IE7 process. Opera 9.02 - resisted successfully (with about 30 seconds "wait" mouse pointer). I'm sure that Mozilla team will fix this VERY soon, and what about Microsoft team? We will have to wait 1 year until IE7 SP1, or 5 years until IE8 ? :) Firefox 3.0 alpha (20061011) – crashed in 1 second.
IE 7.0 Final Release – freezes for 5 minutes (eating 50% CPU, and RAM 135MB/5min), then I killed IE7 process.
Opera 9.02 – resisted successfully (with about 30 seconds “wait” mouse pointer).

I’m sure that Mozilla team will fix this VERY soon, and what about Microsoft team? We will have to wait 1 year until IE7 SP1, or 5 years until IE8 ? :)

]]> By: Ajay http://cybernetnews.com/mozilla-firefox-security-bug-not-quite-fixed/comment-page-1/#comment-28801 Ajay Tue, 24 Oct 2006 18:43:42 +0000 http://tech.cybernetnews.com/2006/10/24/mozilla-firefox-security-bug-not-quite-fixed/#comment-28801 Crashed IE7 as well. Crashed IE7 as well.

]]> By: Lewis http://cybernetnews.com/mozilla-firefox-security-bug-not-quite-fixed/comment-page-1/#comment-28800 Lewis Tue, 24 Oct 2006 18:38:03 +0000 http://tech.cybernetnews.com/2006/10/24/mozilla-firefox-security-bug-not-quite-fixed/#comment-28800 Crashes MSIE 6 for me. Crashes MSIE 6 for me.

]]> By: Bill http://cybernetnews.com/mozilla-firefox-security-bug-not-quite-fixed/comment-page-1/#comment-28797 Bill Tue, 24 Oct 2006 18:28:53 +0000 http://tech.cybernetnews.com/2006/10/24/mozilla-firefox-security-bug-not-quite-fixed/#comment-28797 Wrong bug. The bug causing the crash you see here is at: https://bugzilla.mozilla.org/show_bug.cgi?id=323394 It is still in a new state with no clear path of how to fix it. As I read this, it isn't the claimed security hole that the Security Advisory page talks about. This doesn't cause any memory corruption, just a stack overflow and the application immediately aborts. from the comments on the bug: ------- Comment #13 From Robert O'Callahan (Novell) 2006-09-11 21:26 PDT [reply] ------- There is no way to fix this without breaking very deeply nested pages ... except by rewriting Gecko to avoid the use of recursion. That would take a while. ------- Comment #14 From Robert O'Callahan (Novell) 2006-09-11 21:27 PDT [reply] ------- I think limiting the depth allowed by the XML parser, just like the HTML parser does, would be a good start. Wrong bug.

The bug causing the crash you see here is at:
[bugzilla.mozilla.org]

It is still in a new state with no clear path of how to fix it. As I read this, it isn’t the claimed security hole that the Security Advisory page talks about.

This doesn’t cause any memory corruption, just a stack overflow and the application immediately aborts.

from the comments on the bug:
——- Comment #13 From Robert O’Callahan (Novell) 2006-09-11 21:26 PDT [reply] ——-

There is no way to fix this without breaking very deeply nested pages …
except by rewriting Gecko to avoid the use of recursion. That would take a
while.

——- Comment #14 From Robert O’Callahan (Novell) 2006-09-11 21:27 PDT [reply] ——-

I think limiting the depth allowed by the XML parser, just like the HTML parser
does, would be a good start.

]]> By: Ryan http://cybernetnews.com/mozilla-firefox-security-bug-not-quite-fixed/comment-page-1/#comment-28791 Ryan Tue, 24 Oct 2006 17:40:21 +0000 http://tech.cybernetnews.com/2006/10/24/mozilla-firefox-security-bug-not-quite-fixed/#comment-28791 <div id="commentquote"><a href="#comment-28784">Dave wrote:</a><blockquote>javascript required so once again, the noscript extension comes in handy</blockquote></div> Thanks Dave...I forgot to mention that but I added it to the post. <div id="commentquote"><a href="#comment-28790">Nate The Great wrote:</a><blockquote>That link even pretty much crashed IE7. after it loads it wont respond. ctrl alt delete saves the day again! :)</blockquote></div> I tried it in IE7 and even though it did run a little sluggish I was still able to close the tab and have it return to normal without restarting the browser. Dave wrote:
javascript required

so once again, the noscript extension comes in handy

Thanks Dave…I forgot to mention that but I added it to the post.

Nate The Great wrote:
That link even pretty much crashed IE7. after it loads it wont respond. ctrl alt delete saves the day again! :)

I tried it in IE7 and even though it did run a little sluggish I was still able to close the tab and have it return to normal without restarting the browser.

]]>