Red Hat Bugzilla – Bug 100535
extremely long url gets mozilla to stop responding
Last modified: 2007-11-30 17:10:31 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030703
Description of problem:
A huge URL, like one created with a brain-dead bugzilla query, gets mozilla into
a very confused state. This might be exploitable.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Enter the simple query page at https://bugzilla.redhat.com
2.Choose say Red Hat Linux Beta, beta1, then select all packages in the list
(click on first package, scroll to the last one and shift-click on it)
3.Submit the query
4.Click on `back'
Actual Results: The URL displayed after step 3 is completely garbled, as if a
random bitmap had been drawn in its place. The server rejects such a long URL,
but that's fine. After clicking on the back button, mozilla starts consuming
CPU like crazy, and it won't refresh its window any more, and has to be killed.
Expected Results: At least part of the URL should be displayed properly, and
going back shouldn't hang the browser.
Dunno if this matters, but my mozilla is configured to use a local squid as the
Do you have a screenshot?
Created attachment 93924 [details]
Mangled URL displayed after the search is submitted
I have reproduced this accidentally a few times recently, but it seems extremely
rare and difficult to trigger.
mozilla-1.4.1-10 seeme to no longer hang after `back', but the URL is still garbled.
I'm removing the security severity, this does not appear to be a
security related issue.
Please note that FC1 and FC2 are no longer supported even by Fedora Legacy, and
that FC3 and FC4 are supported by Fedora Legacy only for security issues.
Please install a still supported version and retest. If this still occurs on
FC3 or FC4 and is a security issue, please reopen the bug and assign it to that
version and Fedora Legacy. If it still occurs on FC5, please reopen and assign
to the correct version.
mozilla was removed from FC6, although the seamonkey application suite,
available from Fedora Extras, is derived from it. Similar bugs may also be
present in firefox, so if the bug occurs with firefox in FC6, the bug should be
reassigned to FC6 and the firefox component.