Date: Thu, 6 Oct 2016 12:09:05 -0300 From: Gustavo Grieco <gustavo.grieco@...il.com> To: oss-security@...ts.openwall.com Subject: CVE request: DoS loading a SVG in Firefox Hello, Some months ago, we found that just loading this image: https://dcc.fceia.unr.edu.ar/~ggrieco/oom.svg (518K) will cause Firefox to consume all your memory. Once you click, you cannot stop the memory constant memory leak. It can take a few minutes (we tested in a desktop computer with 16GB). At the end, Firefox will abort or it will be terminated by the OS. At least Firefox 49 and 51 in several platforms are affected. A report in the Mozilla bug tracker was filled: https://bugzilla.mozilla.org/show_bug.cgi?id=1297206 Please assign a CVE if suitable. Regards, Gustavo.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ