specific javascript code will crash firefox

Posted: Sat Apr 11, 2015 11:40 am
by taoww
NoScript 2.6.9.21
Firefox 37 Linux / 38 Beta Win7

The code below will crash Firefox with NoScript enabled.

test.html

<!DOCTYPE HTML>
<html>
<head>
	<title></title>
	<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
	<script>
		(new window.MutationObserver(function (mRecords) {
			var wPlugins = [];
			mRecords.forEach(function (mRecord) {
				var addedNodes = mRecord.addedNodes;
				if (!addedNodes.length) {
					return;
				}
				[].forEach.call(addedNodes, function (node) {
					if (node.nodeType != 1) return;
					if (/^(?:OBJECT|EMBED)$/.test(node.nodeName)) {
						wPlugins.push(node);
					};
					[].push.apply(wPlugins, node.querySelectorAll('object, embed'));
				});
			});
			initializer(wPlugins);
		})).observe(document, {
			childList: true, 
			subtree: true, 
		});
	
		function initializer(plugins) {
			plugins.forEach(function(plugin) {
				if (plugin._reinitialized === true) {
					return;
				}
				plugin._reinitialized = true;
				var p = plugin.parentNode;
				var s = plugin.previousSibling;
				p.removeChild(plugin);
				setTimeout(function() {
					p.insertBefore(plugin, s);
				}, 20);
			});
		}
	</script>
</head>
<body>
<embed style="" class="" name="Player" id="Player" src="http://www.91jucai.com/ckplayer/ckplayer.swf" flashvars="a=XOTI4NDY2MDc2_wd1" quality="high" allowscriptaccess="always" allowfullscreen="true" type="application/x-shockwave-flash" align="middle" width="550" height="400">
</body>
</html>

Re: specific javascript code will crash firefox

Posted: Sat Apr 11, 2015 1:28 pm
by therube
Seems to only happen if file:// is specifically Allowed.

The Windows end of the crash says it is plugin-container.exe that is crashing.
Haven't gotten the (SeaMonkey) crash report to generate, yet.

https://crash-stats.mozilla.com/report/ ... 2432150411
https://crash-stats.mozilla.com/report/ ... d612150411

Which points to Bug 1149891 - crash in CSPService::ShouldLoad(unsigned int, nsIURI*, nsIURI*, nsISupports*, nsACString_internal const&, nsISupports*, nsIPrincipal*, short*) from userscript.
https://bugzilla.mozilla.org/show_bug.cgi?id=1149891

Does not crash if NoScript is disabled.

With NoScript enabled, once you Allow file:// the crash is instantaneous.


In the bug, presumably having Greasemonkey installed, like having NoScript installed here, is necessary to cause the crash.


SeaMonkey 2.33.1, Win7 x64, NoScript 2.6.9.20rc2.

Re: specific javascript code will crash firefox

Posted: Sat Apr 11, 2015 4:55 pm
by barbaz
What is that code "supposed" to do?
Does the crash still happen if you allow all Flash from 91jucai dot com?
Is the Flash object immaterial (meaning, can it be any Flash object)?