Firefox 1.5 vulnerability



Incidents.org has reported on the first announced vulnerability with Mozilla Firefox 1.5 since it’s release. The vulnerability is along these lines. History of visited sites is kept in a file called history.dat IF a URL for a visited site is long enough it will cause a buffer overflow and denial of service. (After visiting such a url, the browser will crash on each attempted start. (until history.dat is deleted.))


There is proof of concept code, there is also speculation that it could be made to do worse (malicious code execution.) No fix is available yet. I’ll be eager to see how quickly firefox responds.

There is a possible workaround…

POSSIBLE WORKAROUND

However, the following is a workaround that should work (if it doesn’t let me know). Go to Tools -> Options.

Select the Privacy Icon, and then the History tab. Set the number of days to save pages at 0. This will disable writing anything to history.dat as far as I can tell, and should nullify the exploit.

Related Posts

Blog Traffic Exchange Related Posts
  • More on Explorer vulnerability Among other things... Sans has lowered the infocon to green, NOT that the threat is diminished, but there have been no new developments with regards to the announcement yesterday of a major Internet Explorer security vulnerability. Sans recommends browsing the web with firefox (with the noscript extension, so you can......
  • Firefox code under the microscope So, the stories are out of the analysis of the code for Mozilla Firefox. It seems there were a large number of potential flaws found (71 potential security vulnerabilities) according to the article. This was done using an automated tool and many say, that in order to evaluate the true......
  • Microsoft vulnerability whack-a-mole continues..... Translation - Microsoft patched one vulnerability another surfaces.... Incidents.org brings us the frustrating news.... If you remember the month of browser bugs series of exploits back in July, there was a denial of service there that appears to have code execution after all. Coincidence or not, it got publicly released......
Blog Traffic Exchange Related Websites
  • Gmail Exploit May Lead to Domain Hijacking Hii all Gmail users/lovers, A Gmail security vulnerability may allow an attacker to set up filters on users' e-mail accounts without their knowledge, according to a proof of concept posted Sunday at GeekCondition.com. In his post, Brandon writes that the vulnerability has caused some people to lose their domain names......
  • Favicon for your Site / Blog Every once in a while when you bookmark a Web page in Internet Explorer / Firefox an interesting thing happens. A strange image appears in your bookmark menu and before the URL in your browser's address line. This is a "branded icon" — a special custom graphic that is associated......
  • The Harmonica in American History The Harmonica was not originally developed in America, but rather saw the beginning of life in Germany. However, the Harmonica has a rich history in North America, and contributed heavily to the history of music in America as well. Hohner began to manufacture harmonicas in 1857, and shortly after this......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site