More on Firefox 1.5 “vulnerability”



I put vulnerability in quotes because it’s looking less like a problem. (Correct me if I’m wrong.) Here’s the situation. Both SANS and Mozilla have failed to duplicate the crash, although both have duplicated extremely slow browser performance. Here’s the official response from mozilla.org…

We have investigated this issue and can find no basis for claims that variants of this denial-of-service attack can cause an exploitable crash, and no evidence for this claim has been offered. There does not appear to be any risk to users or their computers beyond the temporary unresponsiveness at startup.


Along with the SANS findings…

The machine I was testing this on has McAfee Enterprise 8, and Firefox would not crash. Despite my valiant efforts in disabling the protection, I couldn’t get it to crash. While annoyed that I couldn’t (short of uninstalling) get the protection disabled, it probably is a good thing. I’ll test more when I get in the office tomorrow and have more machines to play with.

This seems to be more of a denial of service than a true buffer overflow. It looks like Firefox just chokes on page topics that are too long. For some people it hangs; for other people it crashes.

Once again, here are the updated SANS workarounds…

WORKAROUNDS:

However, the following is a workaround that should work (if it doesn’t let me know). Go to Tools -> Options.

Select the Privacy Icon, and then the History tab. Set the number of days to save pages at 0. This will disable writing anything to history.dat as far as I can tell, and should nullify the exploit. Readers have confirmed that this workaround does prevent the buffer overflow. You can also change your privacy settings to delete personal info when you close Firefox.

Another workaround is to modify prefs.js while Firefox has not been started and put in the line:

user_pref("capability.policy.default.HTMLDocument.title.set", "noAccess");

Lastly, you can also run the NoScript extension, found here. (Which I have not looked at in depth.) However, there are other ways of exploiting this where NoScript might not work.

Some users have reported being unable to reproduce this error. I will test more to try to establish what makes this work and not. So far it appears Mac users are not affected by this.

HOW TO LOCATE THE PROFILE FOLDER:

If you need to delete your history.dat file (in case you tested this PoC code), it can be difficult to locate where exactly this file is.
You can find instructions for locating the profile folder at the following URL: http://www.mozilla.org/support/firefox/edit#profile.

Mozilla.org suggests….

Deleting the item from history

  1. Open History from the Go menu
  2. Select the item with the long title
  3. Press the delete button

Clearing all history data

  In Firefox 1.5:
    1. Select “Clear Private Data” from the Tools menu
    2. Check the “Browsing History” box and press the “Clear Private Data Now” button

  In Firefox 1.0 (also works in 1.5):
    1. Select “Options” from the “Tools” menu
    2. On the “Privacy” tab select “History”
    3. Press the Clear button in the History section

So, if nothing changes, that’s the way to deal with this. It’s worth noting that the proof-of-concept code had a URL with 2.5 million characters. If a site with a URL that long has been visited (is in history), it may take several minutes for Firefox 1.5 to start up.
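To check a profile for the two preference-based workarounds quoted above and to apply the prefs.js line without duplicating it, here is an added example (not code from this post, SANS or Mozilla). It assumes the "days to save pages" setting is stored as browser.history_expire_days, uses an arbitrary 1 MB threshold for flagging history.dat, and all function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# TITLE_PREF is the pref from the page's prefs.js line; EXPIRE_PREF is the
# assumed name of the "days to save pages" setting.
TITLE_PREF = "capability.policy.default.HTMLDocument.title.set"
EXPIRE_PREF = "browser.history_expire_days"
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def read_prefs(prefs_path):
    """Parse user_pref("name", value); lines into a dict of raw values."""
    prefs = {}
    for line in Path(prefs_path).read_text(encoding="utf-8").splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip('"')
    return prefs

def audit_profile(profile_dir, max_history_bytes=1_000_000):
    """Report which workaround is set and whether history.dat is unusually large."""
    profile = Path(profile_dir)
    prefs = read_prefs(profile / "prefs.js")
    history = profile / "history.dat"
    size = history.stat().st_size if history.exists() else 0
    return {
        "history_days_zero": prefs.get(EXPIRE_PREF) == "0",
        "title_set_blocked": prefs.get(TITLE_PREF) == "noAccess",
        "history_bytes": size,
        "history_oversized": size > max_history_bytes,  # threshold is assumed
    }

def add_title_pref(profile_dir):
    """Append the noAccess line if absent. Run only while Firefox is closed."""
    prefs_path = Path(profile_dir) / "prefs.js"
    if read_prefs(prefs_path).get(TITLE_PREF) == "noAccess":
        return False  # already present, nothing written
    with prefs_path.open("a", encoding="utf-8") as fh:
        fh.write(f'\nuser_pref("{TITLE_PREF}", "noAccess");\n')
    return True

def demo():
    """Constructed profile: history kept 9 days, 2.5 MB history.dat."""
    with tempfile.TemporaryDirectory() as d:
        prefs = 'user_pref("browser.history_expire_days", 9);\n'
        (Path(d) / "prefs.js").write_text(prefs, encoding="utf-8")
        (Path(d) / "history.dat").write_bytes(b"x" * 2_500_000)
        before = audit_profile(d)
        return before, add_title_pref(d), audit_profile(d)
```

Point `audit_profile` at the profile folder located via the Mozilla instructions linked above; an oversized history.dat is only a hint that the file should be cleared, not proof that the long-title entry is present.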

