Opened 2 years ago

Last modified 2 years ago

#23214 new defect

Defend against stack overflow due to overly deep nested (unclosed) XML tags

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-crash
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

There are several ways to get Tor Browser crashed due to missing mitigations while dealing with overly deep nested XML tags (see: https://bugzilla.mozilla.org/show_bug.cgi?id=485941 for an example). For Mozilla this is just annoying but depending on the circumstances we might come to a different conclusion due to our different threat model.

We should try to come up with something that handles those cases more gracefully and in a less dangerous way.

Child Tickets

Change History (2)

comment:1 Changed 2 years ago by gk

https://bugzilla.mozilla.org/show_bug.cgi?id=1311596 is another somewhat unrelated DoS vector...

Note: See TracTickets for help on using tickets.