[25719] in bugtraq
Re: remote DoS in Mozilla 1.0
daemon@ATHENA.MIT.EDU (Stijn Jonker)
Tue Jun 11 11:04:19 2002
Date: Tue, 11 Jun 2002 15:05:31 +0200 (CEST)
From: Stijn Jonker <SJCJonker@SJC.nl>
To: Tom <tom@lemuria.org>
Cc: bugtraq@securityfocus.com
In-Reply-To: <20020610102006.A6947@lemuria.org>
Message-ID: <Pine.LNX.4.44.0206111457420.20762-100000@ph-wks-01.sjc.nl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello all,
The one thing that keeps popping up in my mind after reading your post:
Is this really a mozilla bug?
My answer:
No, because try a font of the size 1666666px in gimp on the same system:
the symptoms and the end effect are exactly the same here.
System: RH 7.3
512 M memory
1024M Swap
Xfs & XFree86 4.2.0
What happens is that XFS consumes huge amounts of RAM, and finally bails
out. So end of story for the fonts in X. As a result X is practically
useless.
I can only guess what happens when you don't use XFS but X server based
font rendering: the X server consumes huge amounts of mem and cpu and bails
out => server crash => Bye Bye X.
The solution(s):
(a) Fix every app to disallow font sizes bigger than <maxvalue>
(b) Fix XFS to return an error code to the calling application
when requested font size is greater than configured <maxvalue>
Personally I would go for b.
Just my $0.02, but if you disagree please let me know.
On Mon, 10 Jun 2002, Tom wrote:
> Author
> ======
> Tom Vogt <tom@lemuria.org>
> http://web.lemuria.org/
>
> Affected
> ========
> Mozilla 1.0 and earlier
> verified on Linux and Solaris, other Unixes most likely affected as well.
>
> Effect
> ======
> System becomes unusable or X windows crashes
> (varies depending on system configuration)
>
> Description
> ===========
> When loading pages with a specially prepared (or erroneous) stylesheet,
> mozilla and X windows (not restricted to XFree) exhibit any of two
<<SNIP>>
>
> Example
> =======
> Include a huge font size in your style sheet definition, e.g.:
> body { font-size: 1666666px; }
>
- --
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker <SJCJonker@sjc.nl>
- --
Outlook Express is actually an incredibly effective virus distribution system which only pretends to be an email program.
[by Eric Lee]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9BfWcH0P/oLuWBrcRAqB3AJkBudCe8ovF9+u5dPdFEYP/p1zUtgCbBc4I
k/e0j6d1HDEQQb/XiWKnF3k=
=TUcz
-----END PGP SIGNATURE-----
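
Option (b) from the message above, sketched as an added example; it is not part of the original post and not xfs source code. It assumes the font request arrives as an XLFD name, and `check_font_request`, `glyph_bitmap_bytes` and the `MAX_PIXEL_SIZE` value are hypothetical names chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

enum { FONT_OK = 0, FONT_MALFORMED = -1, FONT_TOO_LARGE = -2 };

/* Hypothetical limit standing in for the post's configured <maxvalue>. */
#define MAX_PIXEL_SIZE 1024L

/* Rough bytes for one glyph, assuming a square 1-bit-per-pixel cell. */
unsigned long long glyph_bitmap_bytes(unsigned long long px)
{
    return (px * px + 7) / 8;
}

/* Read PIXEL_SIZE (the 7th field) of an XLFD name and enforce max_px.
 * Wildcards and matrix sizes ("[a b c d]") are reported as malformed. */
int check_font_request(const char *xlfd, long max_px, long *px_out)
{
    const char *p = xlfd;
    char *end;
    long px;
    int dashes;

    if (p == NULL || *p != '-')
        return FONT_MALFORMED;
    for (dashes = 0; dashes < 7; p++) {   /* stop just past the 7th '-' */
        if (*p == '\0')
            return FONT_MALFORMED;
        if (*p == '-')
            dashes++;
    }
    errno = 0;
    px = strtol(p, &end, 10);
    if (end == p || (*end != '-' && *end != '\0') || px < 0)
        return FONT_MALFORMED;
    if (errno == ERANGE || px > max_px)   /* ERANGE: value overflowed long */
        return FONT_TOO_LARGE;
    if (px_out != NULL)
        *px_out = px;
    return FONT_OK;
}

int main(void)
{
    /* Constructed request using the size from the advisory. */
    const char *req = "-adobe-helvetica-medium-r-normal--1666666-0-75-75-p-0-iso8859-1";
    printf("verdict=%d, one glyph ~%llu bytes\n",
           check_font_request(req, MAX_PIXEL_SIZE, NULL),
           glyph_bitmap_bytes(1666666ULL));
    return 0;
}
```

Under the stated 1-bit-per-pixel assumption, a single glyph at 1666666px needs hundreds of gigabytes, far beyond the 512M RAM plus 1024M swap of the test system, which is why rejecting the request before rasterizing matters.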