Summary: Crash on a very long url in internal pages line about:neterror
Creator:Lostmon Date:2010-07-31 14:28:13
Project:K-Meleon Owner:.Nobody
Status:Unconfirmed Severity:Normal
Version:1.5.4 Target Version:Unknow

User-agent: K-Meleon/1.5.4

K-Meleon is prone vulnerable to a hang all time , or crash insome cases with a
very long URL.
Internal web pages like about:neterror does not limit the amount of chars that
a user put in 'c' 'd' params and them if we compose a malformed url the browser
can be hang easy.
This issue is exploitable via web links like <a href="very long URL">click
here</a> or via window.location.replace('very long url')
i have tested it in K-meleon 1.5.3 on windows xp and 1.5.4 on windows 7 and in all cases K-Meleon chashes

Lostmon  2010-07-31 14:30:25
similar situation in firefox see bugzilla =>
for a test case.

SourceForge Logo