Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 100535 - extremely long url gets mozilla to stop responding
extremely long url gets mozilla to stop responding
Product: Fedora
Classification: Fedora
Component: mozilla (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Christopher Aillon
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2003-07-23 03:20 EDT by Alexandre Oliva
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-10-29 09:10:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Mangled URL displayed after the search is submitted (6.20 KB, image/png)
2003-08-26 00:02 EDT, Alexandre Oliva
no flags Details

  None (edit)
Description Alexandre Oliva 2003-07-23 03:20:35 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030703

Description of problem:
A huge URL, like one created with a brain-dead bugzilla query, gets mozilla into
a very confused state.  This might be exploitable.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Enter the simple query page at https://bugzilla.redhat.com
2.Choose say Red Hat Linux Beta, beta1, then select all packages in the list
(click on first package, scroll to the last one and shift-click on it)
3.Submit the query
4.Click on `back'

Actual Results:  The URL displayed after step 3 is completely garbled, as if a
random bitmap had been drawn in its place.  The server rejects such a long URL,
but that's fine.  After clicking on the back button, mozilla starts consuming
CPU like crazy, and it won't refresh its window any more, and has to be killed.

Expected Results:  At least part of the URL should be displayed properly, and
going back shouldn't hang the browser.

Additional info:

Dunno if this matters, but my mozilla is configured to use a local squid as the
http proxy.
Comment 1 Christopher Blizzard 2003-08-25 13:57:31 EDT
Do you have a screenshot?
Comment 2 Alexandre Oliva 2003-08-26 00:02:43 EDT
Created attachment 93924 [details]
Mangled URL displayed after the search is submitted
Comment 3 Warren Togami 2003-09-21 07:26:24 EDT
I have reproduced this accidentally a few times recently, but it seems extremely
rare and difficult to trigger.
Comment 4 Alexandre Oliva 2003-10-19 16:24:37 EDT
mozilla-1.4.1-10 seeme to no longer hang after `back', but the URL is still garbled.
Comment 5 Josh Bressers 2004-06-18 13:15:04 EDT
I'm removing the security severity, this does not appear to be a
security related issue.
Comment 6 John Thacker 2006-10-29 09:10:57 EST
Please note that FC1 and FC2 are no longer supported even by Fedora Legacy, and
that FC3 and FC4 are supported by Fedora Legacy only for security issues. 
Please install a still supported version and retest.  If this still occurs on
FC3 or FC4 and is a security issue, please reopen the bug and assign it to that
version and Fedora Legacy.  If it still occurs on FC5, please reopen and assign
to the correct version.  

mozilla was removed from FC6, although the seamonkey application suite,
available from Fedora Extras, is derived from it.  Similar bugs may also be
present in firefox, so if the bug occurs with firefox in FC6, the bug should be
reassigned to FC6 and the firefox component.

Note You need to log in before you can comment on or make changes to this bug.