Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Classic

Firefox 1.5 vulnerability

Incidents.org has reported on the first announced vulnerability with Mozilla Firefox 1.5 since it's release. The vulnerability is along these lines. History of visited sites is kept in a file called …

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

Incidents.org has reported on the first announced vulnerability with Mozilla Firefox 1.5 since it's release. The vulnerability is along these lines. History of visited sites is kept in a file called history.dat IF a URL for a visited site is long enough it will cause a buffer overflow and denial of service. (After visiting such a url, the browser will crash on each attempted start. (until history.dat is deleted.)) There is proof of concept code, there is also speculation that it could be made to do worse (malicious code execution.) No fix is available yet. I'll be eager to see how quickly firefox responds. There is a possible workaround...
POSSIBLE WORKAROUND However, the following is a workaround that should work (if it doesn't let me know). Go to Tools -> Options. Select the Privacy Icon, and then the History tab. Set the number of days to save pages at 0. This will disable writing anything to history.dat as far as I can tell, and should nullify the exploit.