Firefox 1.5 vulnerability



Incidents.org has reported on the first announced vulnerability in Mozilla Firefox 1.5 since its release. The vulnerability works along these lines: the history of visited sites is kept in a file called history.dat. If the URL of a visited site is long enough, it will cause a buffer overflow and a denial of service. After visiting such a URL, the browser will crash on each attempted start until history.dat is deleted.


There is proof-of-concept code, and there is also speculation that it could be made to do worse (malicious code execution). No fix is available yet. I’ll be eager to see how quickly Firefox responds.

There is a possible workaround…

POSSIBLE WORKAROUND

However, the following is a workaround that should work (if it doesn’t, let me know). Go to Tools -> Options.

Select the Privacy icon, and then the History tab. Set the number of days to save pages to 0. This will disable writing anything to history.dat as far as I can tell, and should nullify the exploit.
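
To confirm the workaround on several profiles without opening the dialog each time, here is an added example (not part of the original post) that reads a profile's preference files. It assumes the dialog value is stored in the `browser.history_expire_days` preference with a default of 9 days when unset; the function names are illustrative.

```python
import re
import sys
from pathlib import Path

PREF = "browser.history_expire_days"  # assumption: pref behind the History dialog
DEFAULT_DAYS = 9                      # assumption: value used when the pref is unset

# Matches integer prefs such as: user_pref("name", 0);
# Lines commented out with // do not match because of the anchored start.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(-?\d+)\s*\)\s*;', re.M)


def read_pref(path, name):
    """Return the last integer value set for `name` in a prefs file, or None."""
    try:
        text = Path(path).read_text(encoding="utf-8", errors="replace")
    except OSError:
        return None
    value = None
    for key, val in PREF_RE.findall(text):
        if key == name:
            value = int(val)
    return value


def history_days(profile_dir):
    """Effective setting: user.js overrides prefs.js, else the default."""
    for fname in ("user.js", "prefs.js"):
        value = read_pref(Path(profile_dir) / fname, PREF)
        if value is not None:
            return value
    return DEFAULT_DAYS


def audit_profile(profile_dir):
    """Report whether the workaround is set and how large history.dat is."""
    profile = Path(profile_dir)
    days = history_days(profile)
    hist = profile / "history.dat"
    return {
        "profile": str(profile),
        "history_days": days,
        "workaround_applied": days == 0,
        "history_dat_bytes": hist.stat().st_size if hist.is_file() else 0,
    }


if __name__ == "__main__":
    for arg in sys.argv[1:]:  # pass one or more profile directories
        print(audit_profile(arg))
```

A profile that reports `workaround_applied` as true but still has a non-empty history.dat holds entries written before the setting was changed.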
