XSLT Related Crashes?

Posted: Sat Mar 28, 2009 12:19 am
by therube

Theory ... (a work in progress)

A browser unpatched for Bug 485217, so SeaMonkey 1.1.15 or FF 3.0.7 or FF 3.2.x
NoScript 1.9.1.5
An XSLT testcase that generates a crash

Install NoScript
Try to force a crash

NoScript blocks the crash

-> Temporarily Allow the domain of the exploit (file:// if local)

RESULT: Browser crashes

Code:

Add-ons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.1,{20a82645-c095-46ed-80e3-08825760534b}:1.0,{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.5,scrollimg@hashao.studio:0.9.3,{47d1d620-5e5b-11da-8cd6-0800200c9a66}:2.0,{D46E8522-6E86-44b1-A622-58C0668AD78E}:3.0.9,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4pre,silvermel@pardal.de:1.0.3
BuildID: 2008102706
CrashTime: 1238199194
InstallTime: 1227984726
ProductName: Firefox
SecondsSinceLastCrash: 488
StartupTime: 1238198744
Theme: silvermel
URL: file:///C:/TMP/ffcrash/xmlcrash.html
UserID: 34ae89b9-67ab-4919-bb5b-1db4e349ede0
Vendor: Mozilla
Version: 3.0.4pre

Code:

Add-ons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.7.9,{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.5,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.2a1pre
BuildID: 20090206084003
CrashTime: 1238200187
InstallTime: 1237662240
ProductName: Firefox
SecondsSinceLastCrash: 265
StartupTime: 1238199985
Theme: classic/1.0
Throttleable: 1
URL: file:///C:/TMP/ffcrash/xmlcrash.html
Vendor: Mozilla
Version: 3.2a1pre

Happens similarly in the case of SeaMonkey 1.1.15
It talks about a crash in ModName: transformiix.dll


So it looks to be affecting at least Gecko 1.8.1 & 1.9.0 & 1.9.2

Re: XSLT Related Crashes?

Posted: Sat Mar 28, 2009 12:25 am
by Giorgio Maone
Not sure what the issue is here.
If you allow the site, you allow the XSLT to run and crash your browser.
Am I missing something?

Re: XSLT Related Crashes?

Posted: Sat Mar 28, 2009 12:34 am
by therube
Theory BUSTED!

You know, sometimes you just have to hit me upside the head :lol: !

DUH!

What in the world was I thinking?

Today, all day, I was working on a patched browser.
So with NoScript 1.9.1.5 installed, I could toggle the exploit domain, & it would alternately show an empty box (domain not allowed) or a box with "Error during XSLT transformation: An unknown XPath extension function was called." inside (domain blocked).

Then I start installing NoScript 1.9.1.5 into other older browsers.
And I see that NoScript blocks the crash.
I see the empty box.
Figure all is well.
Then I toggle the domain & I get the crash (well DUH) instead of the "Error during XSLT..." message that I was used to seeing ...

That threw me for a loop.

Re: XSLT Related Crashes?

Posted: Sat Mar 28, 2009 12:51 am
by GµårÐïåñ
Phew, glad that was resolved. I was confused as hell for a minute there. :?