Date: Thu, 6 Oct 2016 12:09:05 -0300
From: Gustavo Grieco <gustavo.grieco@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: DoS loading a SVG in Firefox

Hello,

Some months ago, we found that just loading this image:

https://dcc.fceia.unr.edu.ar/~ggrieco/oom.svg (518K)

will cause Firefox to consume all your memory. Once you click, you
cannot stop the constant memory leak. It can take a few minutes
(we tested on a desktop computer with 16GB). At the end, Firefox will
abort or it will be terminated by the OS.

At least Firefox 49 and 51 on several platforms are affected. A report
in the Mozilla bug tracker was filed:

https://bugzilla.mozilla.org/show_bug.cgi?id=1297206

Please assign a CVE if suitable.

Regards,
Gustavo.
