«
»

Firefox 1.5 vulnerability



Incidents.org has reported on the first announced vulnerability with Mozilla Firefox 1.5 since it’s release. The vulnerability is along these lines. History of visited sites is kept in a file called history.dat IF a URL for a visited site is long enough it will cause a buffer overflow and denial of service. (After visiting such a url, the browser will crash on each attempted start. (until history.dat is deleted.))


There is proof of concept code, there is also speculation that it could be made to do worse (malicious code execution.) No fix is available yet. I’ll be eager to see how quickly firefox responds.

There is a possible workaround…

POSSIBLE WORKAROUND

However, the following is a workaround that should work (if it doesn’t let me know). Go to Tools -> Options.

Select the Privacy Icon, and then the History tab. Set the number of days to save pages at 0. This will disable writing anything to history.dat as far as I can tell, and should nullify the exploit.

Popularity: 1% [?]

PDF Download    Send article as PDF   
Blog Traffic Exchange Related Posts
  • Firefox Security Vulnerabilities. In the spirit of a fair look at Mozilla Firefox (after doing a bit of a roasting of IE's security), I've taken a look at Secunia's analysis of Firefox. Currently there are 3 unpatched vulnerabilities on Firefox. This is the summary graphic for what has been addressed since 2003. I......
  • More on Firefox 1.5 "vulnerability" I put vulnerability in quotes because it's looking less like a problem. (Correct me if I'm wrong.) Here's the situation. Both Sans and Mozilla have failed to duplicate the crash although have duplicated extremely slow browser performance. Here's the official response from mozilla.org... We have investigated this issue and can......
  • Adobe Acrobat vulnerabilities.... According to The Register among other sources, there is a vulnerability in all Acrobat and Reader software prior to the following safe release numbers: Windows and Mac Reader users please install 7.0.3 or 6.0.4 to be fixed (all other 7 series and 6 series versions are vulnerable). Acrobat users on......
Blog Traffic Exchange Related Websites
  • Gmail Exploit May Lead to Domain Hijacking Hii all Gmail users/lovers, A Gmail security vulnerability may allow an attacker to set up filters on users' e-mail accounts without their knowledge, according to a proof of concept posted Sunday at GeekCondition.com. In his post, Brandon writes that the vulnerability has caused some people to lose their domain names......
  • Microsoft Security Bulletin Summary for July 2010 MS10-042 - Vulnerability in Help and SupportCenter Could Allow Remote Code Execution (2229593) "This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if......
  • Window Glazing Repairs If you're not ready to sink money into replacement windows but your windows are drafty and in poor shape, you can make simple window glazing repairs yourself. Also known as reglazing, this is simply the removal of the old glazing (the putty around the panes of glass) and application of......

Similar Posts


This entry was posted on Wednesday, December 7th, 2005 at 9:14 pm and is filed under Computers, Linux, Security, Software, Windows. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.

See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.

Switch to our mobile site