[tor-bugs] #16397 [Tor Browser]: Tor Browser closes unexpectedly
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 18 18:04:29 UTC 2015
#16397: Tor Browser closes unexpectedly
-------------------------+-------------------------------------------------
Reporter: mcap | Owner: mcs
Type: defect | Status: needs_review
Priority: | Milestone:
critical | Version:
Component: Tor | Keywords: tbb-crash, tbb-usability-website,
Browser | TorBrowserTeam201506R
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Changes (by mcs):
* keywords: tbb-crash, tbb-usability-website => tbb-crash, tbb-usability-
website, TorBrowserTeam201506R
* status: assigned => needs_review
Comment:
A fix is available here:
https://gitweb.torproject.org/user/brade/tor-
browser.git/commit/?h=bug16397-01&id=2c1d0dada80bad43abba0f4a9d283bf5dc02c201
Please review.
This crash was in nsXMLContentSink.cpp (first change in our patch). But
Kathy and I tried hard to locate each place where the Mozilla code assumed
that a <script> element could be QI'd to an nsIScriptElement, and then we
fixed the unsafe pointer dereferences.
I think this fix can wait for our next scheduled release. But it is a
NULL pointer dereference and a potential denial of service for users who
have the security slider set to the high setting.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16397#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list