Firefox 1.5 vulnerability



Incidents.org has reported on the first announced vulnerability with Mozilla Firefox 1.5 since it’s release. The vulnerability is along these lines. History of visited sites is kept in a file called history.dat IF a URL for a visited site is long enough it will cause a buffer overflow and denial of service. (After visiting such a url, the browser will crash on each attempted start. (until history.dat is deleted.))


There is proof of concept code, there is also speculation that it could be made to do worse (malicious code execution.) No fix is available yet. I’ll be eager to see how quickly firefox responds.

There is a possible workaround…

POSSIBLE WORKAROUND

However, the following is a workaround that should work (if it doesn’t let me know). Go to Tools -> Options.

Select the Privacy Icon, and then the History tab. Set the number of days to save pages at 0. This will disable writing anything to history.dat as far as I can tell, and should nullify the exploit.

Related Posts

Blog Traffic Exchange Related Posts
  • Internet Explorer in standalone mode? Now, it can be useful to run several versions of the same program at the same time (especially if it's a web browser.) I've accomplished this under linux with internet explorer, but didn't realize there was a way to do so on Windows. Sunbelt blog found a good guide to......
  • Firefox zero-day vulnerability (or is it?) I saw a comment somewhere else that zero-day was overused and in essense ANY previously unknown vulnerability in open source software is technically zero day... the intent here though is to use the word in this context.... "vulnerability has been released without giving the vendor an opportunity to patch..." Yes,......
  • Windows Police Pro Yes folks, it's Windows Police Pro, the gift that keeps on giving apparently. It's crawled back into Googles top searches tonight. If you want to see how to remove it look at Windows Police Pro Removal, you may be interested in Who is behind Windows Police Pro and probably will......
Blog Traffic Exchange Related Websites
  • Gmail Exploit May Lead to Domain Hijacking Hii all Gmail users/lovers, A Gmail security vulnerability may allow an attacker to set up filters on users' e-mail accounts without their knowledge, according to a proof of concept posted Sunday at GeekCondition.com. In his post, Brandon writes that the vulnerability has caused some people to lose their domain names......
  • Favicon for your Site / Blog Every once in a while when you bookmark a Web page in Internet Explorer / Firefox an interesting thing happens. A strange image appears in your bookmark menu and before the URL in your browser's address line. This is a "branded icon" — a special custom graphic that is associated......
  • The Harmonica in American History The Harmonica was not originally developed in America, but rather saw the beginning of life in Germany. However, the Harmonica has a rich history in North America, and contributed heavily to the history of music in America as well. Hohner began to manufacture harmonicas in 1857, and shortly after this......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site