Firefox 1.5 vulnerability



Incidents.org has reported on the first announced vulnerability with Mozilla Firefox 1.5 since it’s release. The vulnerability is along these lines. History of visited sites is kept in a file called history.dat IF a URL for a visited site is long enough it will cause a buffer overflow and denial of service. (After visiting such a url, the browser will crash on each attempted start. (until history.dat is deleted.))


There is proof of concept code, there is also speculation that it could be made to do worse (malicious code execution.) No fix is available yet. I’ll be eager to see how quickly firefox responds.

There is a possible workaround…

POSSIBLE WORKAROUND

However, the following is a workaround that should work (if it doesn’t let me know). Go to Tools -> Options.

Select the Privacy Icon, and then the History tab. Set the number of days to save pages at 0. This will disable writing anything to history.dat as far as I can tell, and should nullify the exploit.

Related Posts

Blog Traffic Exchange Related Posts
  • Firefox zero-day vulnerability (or is it?) I saw a comment somewhere else that zero-day was overused and in essense ANY previously unknown vulnerability in open source software is technically zero day... the intent here though is to use the word in this context.... "vulnerability has been released without giving the vendor an opportunity to patch..." Yes,......
  • Adobe Acrobat vulnerabilities.... According to The Register among other sources, there is a vulnerability in all Acrobat and Reader software prior to the following safe release numbers: Windows and Mac Reader users please install 7.0.3 or 6.0.4 to be fixed (all other 7 series and 6 series versions are vulnerable). Acrobat users on......
  • Internet Explorer in standalone mode? Now, it can be useful to run several versions of the same program at the same time (especially if it's a web browser.) I've accomplished this under linux with internet explorer, but didn't realize there was a way to do so on Windows. Sunbelt blog found a good guide to......
Blog Traffic Exchange Related Websites
  • iPhone, Firefox, Safari, IE8 Pwned! The three day Pwn2Own contest at the CanSecWest security show is on. And at the end of the day, 3 major browsers, Firefox, Safari and IE8 were successfully exploited. Also a non-jailbroken iPhone was also hacked and its SMS database was stolen. Vincenzo Iozzo and Ralf Philipp Weinmann redirected an......
  • Favicon for your Site / Blog Every once in a while when you bookmark a Web page in Internet Explorer / Firefox an interesting thing happens. A strange image appears in your bookmark menu and before the URL in your browser's address line. This is a "branded icon" — a special custom graphic that is associated......
  • Microsoft Security Bulletin Summary for July 2010 MS10-042 - Vulnerability in Help and SupportCenter Could Allow Remote Code Execution (2229593) "This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site