XSLT Related Crashes?

Bug reports and enhancement requests
Post Reply
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

XSLT Related Crashes?

Post by therube »

XSLT Related Crashes?

Theory ... (a work in progress)

An unpatched for Bug 485217 browser, so SeaMonkey 1.1.15 or FF 3.0.7 or FF 3.2.x
NoScript 1.9.1.5
An XSLT testcase that generates a crash

Install NoScript
Try to force a crash

NoScript blocks the crash

-> Temporarily Allow the domain of the exploit (file:// if local)

RESULT: Browser crashes

Code: Select all

Add-ons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.1,{20a82645-c095-46ed-80e3-08825760534b}:1.0,{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.5,scrollimg@hashao.studio:0.9.3,{47d1d620-5e5b-11da-8cd6-0800200c9a66}:2.0,{D46E8522-6E86-44b1-A622-58C0668AD78E}:3.0.9,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4pre,silvermel@pardal.de:1.0.3
BuildID: 2008102706
CrashTime: 1238199194
InstallTime: 1227984726
ProductName: Firefox
SecondsSinceLastCrash: 488
StartupTime: 1238198744
Theme: silvermel
URL: file:///C:/TMP/ffcrash/xmlcrash.html
UserID: 34ae89b9-67ab-4919-bb5b-1db4e349ede0
Vendor: Mozilla
Version: 3.0.4pre

Code: Select all

Add-ons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.7.9,{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.5,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.2a1pre
BuildID: 20090206084003
CrashTime: 1238200187
InstallTime: 1237662240
ProductName: Firefox
SecondsSinceLastCrash: 265
StartupTime: 1238199985
Theme: classic/1.0
Throttleable: 1
URL: file:///C:/TMP/ffcrash/xmlcrash.html
Vendor: Mozilla
Version: 3.2a1pre
Happens similarly in the case of SeaMonkey 1.1.15
It talks about a crash in ModName: transformiix.dll


So it looks to be affecting at least Gecko 1.8.1 & 1.9.0 & 1.9.2
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4pre) Gecko/20090327 SeaMonkey/2.0b1pre
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: XSLT Related Crashes?

Post by Giorgio Maone »

Not sure about what's the issue here.
If you allow the site, you allow the XSLT to run and crash your browser.
Am I missing something?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: XSLT Related Crashes?

Post by therube »

Theory BUSTED!

You know, sometimes you just have to hit me upside the head :lol: !

DUH!

What in the world was I thinking?

Today, all day, I was working on a patched browser.
So with NoScript 1.9.1.5 installed, I could toggle the exploit domain, & it would alternately show an empty box (domain not allowed) or a box with Error during XSLT transformation: An unknown XPath extension function was called. inside (domain blocked).

Then I start installing NoScript 1.9.1.5 into other older browsers.
And I see that NoScript blocks the crash.
I see the empty box.
Figure all is well.
Then I toggle the domain & I get the crash (well DUH) instead of the Error during XSLT... message that I was used to seeing ...

That threw me for a loop.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4pre) Gecko/20090327 SeaMonkey/2.0b1pre
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: XSLT Related Crashes?

Post by GµårÐïåñ »

Phew, glad that was resolved. I was confused as hell for a minute there. :?
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
Post Reply