oss-sec mailing list archives
Re: CVE request: DoS loading a SVG in Firefox
From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Wed, 26 Oct 2016 19:32:03 -0300
This issue was recently minimized and isolated to the circular use of xlink:hrefs:

https://bugzilla.mozilla.org/show_bug.cgi?id=1297206#c5

Is a CVE suitable for this DoS?

Regards,
Gustavo.

2016-10-06 12:09 GMT-03:00 Gustavo Grieco <gustavo.grieco () gmail com>:

> Hello,
>
> Some months ago, we found that just loading this image:
>
> https://dcc.fceia.unr.edu.ar/~ggrieco/oom.svg (518K)
>
> will cause Firefox to consume all your memory. Once you click, you cannot stop the constant memory leak. It can take a few minutes (we tested on a desktop computer with 16GB). At the end, Firefox will abort or it will be terminated by the OS. At least Firefox 49 and 51 on several platforms are affected. A report in the Mozilla bug tracker was filed:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=1297206
>
> Please assign a CVE if suitable.
>
> Regards,
> Gustavo.
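Added example, not part of the messages above and not Mozilla's code: a pre-processing check that flags circular local xlink:href references in an SVG, the construct the reply says the issue was isolated to. The function names and both sample documents are constructed for illustration; the check finds reference cycles in general and is not derived from the file in the report.

```python
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"

# Constructed samples; neither is the file from the report.
SAMPLE_CYCLIC = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <g id="a"><use xlink:href="#b"/></g>
  <g id="b"><use xlink:href="#a"/></g>
</svg>"""
SAMPLE_OK = SAMPLE_CYCLIC.replace('<use xlink:href="#a"/>', "<rect/>")

def href_graph(svg_text):
    """Map each element id to the local ids referenced from inside that element."""
    # Assumption: input size and XML entities are already limited by the caller.
    graph, todo = {}, [(ET.fromstring(svg_text), None)]
    while todo:  # explicit stack, so deep nesting cannot exhaust recursion
        elem, owner = todo.pop()
        owner = elem.get("id", owner)  # nearest ancestor-or-self with an id
        if owner is not None:
            refs = graph.setdefault(owner, set())
            target = elem.get(XLINK_HREF) or elem.get("href") or ""
            if target.startswith("#"):
                refs.add(target[1:])
        todo.extend((child, owner) for child in elem)
    return graph

def find_cycle(graph):
    """Return one reference cycle as a list of ids (first == last), or None."""
    done = set()
    for start in sorted(graph):
        if start in done:
            continue
        path, iters = [start], [iter(sorted(graph[start]))]
        while iters:
            nxt = next(iters[-1], None)
            if nxt is None:            # all edges explored: backtrack
                done.add(path.pop())
                iters.pop()
            elif nxt in path:          # back edge to a node on the current path
                return path[path.index(nxt):] + [nxt]
            elif nxt in graph and nxt not in done:
                path.append(nxt)
                iters.append(iter(sorted(graph[nxt])))
    return None

if __name__ == "__main__":
    for name, svg in (("cyclic", SAMPLE_CYCLIC), ("ok", SAMPLE_OK)):
        print(name, find_cycle(href_graph(svg)))
```

References from elements with no id on themselves or any ancestor are ignored, since nothing can point back at them and they cannot be part of a cycle.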
Current thread:
- CVE request: DoS loading a SVG in Firefox Gustavo Grieco (Oct 06)
- Re: CVE request: DoS loading a SVG in Firefox Gustavo Grieco (Oct 26)
- Re: CVE request: DoS loading a SVG in Firefox cve-assign (Nov 26)