Opened 3 years ago

Last modified 3 years ago

#23214 new defect

Defend against stack overflow due to overly deep nested (unclosed) XML tags

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-crash
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


There are several ways to get Tor Browser crashed due to missing mitigations while dealing with overly deep nested XML tags (see: for an example). For Mozilla this is just annoying but depending on the circumstances we might come to a different conclusion due to our different threat model.

We should try to come up with something that handles those cases more gracefully and in a less dangerous way.

Child Tickets

Change History (2)

comment:1 Changed 3 years ago by gk is another somewhat unrelated DoS vector...

Note: See TracTickets for help on using tickets.