Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: firefox (Ubuntu)
Status: New => Confirmed
--
https://bugs.launchpad.net/bugs/615138
Title:
Bad applet kills Gnome desktop session on Firefox page load
Status in “firefox” package in Ubuntu:
Confirmed
Bug description:
A crafted (or just malformed) applet in a page can cause not only the
applet's Java VM, but also the Firefox browser and your entire Gnome
windows session to die, losing all your work.
READ THE ABOVE LINE and save your work BEFORE you visit the following URL...
http://cefn.com/blog/processing.html
The processing applet takes a while to load so if you're still reading
this page and don't want your desktop killed then Ctrl+Q your browser
or close the window/tab the URL is loading in.
Scrolling the window seems to contribute to the crash, so if you're
actually trying to crash it, then try moving the scrollbars or page up
and down.
Hopefully this crash is restricted to people with certain video cards
or something, but if it's as widely experienced as I fear, then an
invisible applet in a page could act as an attack to bring Ubuntu
users' entire desktop sessions down, although there's no evidence it
provides a means of code execution.
The processing.org source code used to create the applet is shown at
the offending URL, but was intended as a programming tutorial, so it
really isn't very complex and has no deliberately threatening code in
it. I suspect it's just the nature of the rendering used which creates
the problem. This could fall into an Xorg, java or firefox triage
queue, as they all contribute.
Although this 'attack' does require you to visit a URL, in my view it
shouldn't be possible for someone to smuggle an applet tag into a page
and kill your desktop remotely using the browser in its default
configuration.
I experienced this with sun-java6-plugin installed and without, on two
different laptop machines - one Dell, one Lenovo. They both have
cheapo Intel graphics cards, though.
A way forward in the short term could be to distribute a plugin with
Firefox which blocks java content by default. If it was configurable
to block flash and silverlight too then it could be considered an
Ubuntu feature to have this installed and configurable by default.
Emerging developments in the separate threading of Firefox and Firefox
plugins may mitigate this kind of issue, although I fear in this
particular case the applet steps through all these layers and is able
to trigger a fairly low level hardware rendering bug.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: firefox 3.6.8+build1+nobinonly-0ubuntu0.10.04.1
ProcVersionSignature: Ubuntu 2.6.32-24.39-generic 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-generic i686
NonfreeKernelModules: wl
Architecture: i386
Date: Sun Aug 8 22:16:25 2010
EcryptfsInUse: Yes
FirefoxPackages:
  firefox 3.6.8+build1+nobinonly-0ubuntu0.10.04.1
  firefox-gnome-support 3.6.8+build1+nobinonly-0ubuntu0.10.04.1
  firefox-branding 3.6.8+build1+nobinonly-0ubuntu0.10.04.1
  abroswer N/A
  abrowser-branding N/A
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
ProcEnviron:
  LANG=en_GB.utf8
  SHELL=/bin/bash
SourcePackage: firefox