Mozilla Firefox 1.0.7 DoS Exploit
An anonymous reader writes "Whitedust Security are reporting on a new exploit for Firefox which apparently affects all versions of the browser from 1.0.7 down. From the article: "If this exploit has made it out into, or indeed been retrieved from the wild is unknown at this time. However it is clear that this exploit will indeed need patching as soon as possible.""
A 1.0.7 exploit that only affects everything below 1.0.7!
I checked out the Mozilla site -- not a peep about it. I made a post there. I figure this one totally right hooked them. It's a pretty massive crash. Just makes the whole browser lock up. At least I know they'll fix it fast though...I think in 24 hours we'll see a turn around. Anyone try this with version 1.5?
Help me, help you. - Jerry McGuire
Mozilla Thunderbird 1.0.6 is also vulnerable.
SIG: TAKE OFF EVERY 'CAPTAIN'!!
>>Whitedust Security are reporting on a new exploit for Firefox which apparently affects all version of the browser below 1.0.7. From the article:
contrary to how the article makes it sound, 1.0.7 is indeed affected by this.
I'm running 1.5 as firefox states, if i'm right that version 1.0.7 is very old!
firefox is cool, stop digging up old sh*t!
Why are there so many nice hackers in the world? Willing to spend their time finding exploits, post them, and even a "safe" example. Do they take pride in helping the surfing community? Why don't they just hijack the world's browsers and make us choose between "Yes" and "Okay" on their PayPal deposit sites?
Where are the evil hackers, or have they all converted, scared about stiff http://news.bbc.co.uk/1/hi/technology/4249780.stm penalties?
~jennifer.k~
OMG there is an exploit for firefox but we don't know anything about it but it might be dangerous. i need to switch back to IE maybe...
How long has a webpage that makes a browser crash been called a "Denial Of Service Exploit".
A browser that can be crashed is a very bad thing, but suggesting this is some sort of "Denial Of Service" attack, is just semantics. It doesn't crash the box, and it doesn't flood/break the network. Every other service on your machine runs as normal. That's not a Denial Of Service by the usual definition of the term.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
What follows is the source code made available on the site.
:(
Mozilla
# milw0rm.com [2005-10-16]
I have 1.0.7 and it caused me to crash
Have you metamoderated recently?
There isn't much incentive for malicious people to crash people's browsers.
The wording from the security company has me thinking they're just trying to make a name for themselves.
This can freeze your browser.
Wheres the vulnerability? when does the spyware attack? Do I need to reinstall Windows?
Should I buy a virus checker?
Anyone stupid enough to host this "exploit" on their site are just dumb,
"oooooh it makes your firefox freeze" BFD - stay away from dodgy parts of the net
(goatse is a bigger "exploit" and generally leads to complete machine shutdown/restart as you attempt to hide it from your colleagues)
liqbase
1.0.7 is the current stable release. 1.5 is beta.
And after I clicked on it, nothing happened, the browser just said: mozilla
Apparently Firefox 1.0.7 on linux is not affected. So not all versions of firefox are affected.
Advisory: Install linux, then restart your browser and have fun.
My wife's sketchblog Blob[p]: Gastrono-me
It's for all firefoxes BELOW 1.0.7. The topic title suggests the exact opposite, that it's only for 1.0.7.
The exploit is:
<html><body><strong>Mozilla<sourcetext></body></html>
and it also makes Mozilla suite 1.7.12 hang.
The sourcetext tag is used when a parser error occurs; the Mozilla DOMParser will accept any string and always returns a valid XML DOM object, but in the case that the string was malformed, it returns something like this:
<parsererror xmlns="http://www.w3.org/1999/xhtml">XML Parsing Error: mismatched tag. Expected: </strong>. Location: file:///1253.html Line Number 3, Column 37:<sourcetext> (text here) </sourcetext></parsererror>
which you may have seen formatted before in a nice red-on-yellow page.
I guess I'll just stick with Konqueror.
Despite the article summary if you click through and read it you'd find that there is code out there.
Danger Will Robinson test your firefox Danger Will Robinson
Your hair look like poop, Bob! - Wanker.
Simply shows the word Mozilla when the test web site is loaded in Beta 2. I guess they have already taken care of it in the Beta release
whenever there is a firefox exploit, /. is understanding, and people say things like "well no software is perfect... its rare and hard to do, not really an exploit... ". When there is an IE exploit its, "MS Sucks, IE Sucks, and if you use IE your computer is going to blow up, not to mention global warming will continue"...
I exaggerated a bit there, but you know what I'm saying. Why not offer equal critiques, and understanding, for any product regardless. I have a few macs for web testing but don't really like them, but it doesn't stop me from saying that there are some things that apple does a damn good job with. IE isn't a horrible web browser, it may not be as cutting edge with functionality today as firefox, but it isn't all bad. And before you scream standards, only do it if you include safari, and all the other browsers that have "standards" problems.
Any of the dozens of known crash bugs in the public bugzilla database can be used to DoS Firefox. One more way to crash is hardly newsworthy. If it only affects pre-1.0.7 versions, it's been patched anyway!
My server
...it shows an "update" icon, which updates when clicked. How much easier could it be without hijacking your system to do it for you?
And this has what to do with a vulnerability in Firefox exactly? Upon RTFA, the exploit appears to be a one-liner - is that it....?!?! (And, no, I'm not going to run it to find out thank you very much.) GC
1.5 is a BETA version which Mozilla only recommends bleeding-edge types and extension developers use.
Indeed is indeed used far too many times in the headline... indeed.
...the RIAA has finally managed to lock up all malicious computer users. It's about time!
So this makes your browser crash, obviously they have never been treated to an infinite loop of javascript alerts on MSIE.
My friends hated me for doing that to them... It was worth it.
Anyway, my browser can crash up to 3 times a day from some dodgy javascript. Ever tried coding an AJAX shoutbox using the .innerHTML property? That's a can of worms, Safari crashed so often while I was doing that code.
I had an imaginary sig once, he said I was a loser and ran off.
to DOS a browser is surprisingly simple
<script>
setInterval("alert('DOS')",100 );
</script>
cross platform, crossbrowser exploit, affects all javascript based web browsers
workarounds:
disable javascript
Firefox on Linux randomly crashes during normal web browsing at least a half dozen times per day anyway. What is so significant about another way to make Firefox chew CPU? There are LOTS of ways to do that.
I think you meant "less than," rather than "greater than".
sig
There's not much to it though:
Ah well, not much harm done. Of course, there's nothing to stop Microsoft putting it into MSN deliberately to break the browser, in much the same way they tried to nobble Opera some months back.
Never email donotemail@WeAreSpammers.com
So clicking on a link can lock up the browser. So what?
How is this any different from this, which effectively locks up *all* current browsers?
<script>
while(true){
alert('Haha!');
}
</script>
This is hardly important. I don't see any way this can crash my machine or infect me with a trojan.
PS if you want a fix for the above vote for bug 61098 at bugzilla.
A DOS is, by definition, a vulnerability. Less significant than others, especially for user systems, since you quit firefox and it's fixed, no system change, no arbitrary code running.
within a week.
I wonder how long it would take Microsoft if this happened to them. What? Theres already dozens of known exploits for the worlds #1 browser, and the multi billion dollar company behind it doesnt do anything about it?
Impossible.
-Copyright law #69:Whenever Mickey Mouse is about to enter the public domain,copyrights get extended by 25 years.
Any ideas as to what is going wrong?
http://www.thebricktestament.com/the_law/when_to_
I think the poll at the top of the page should ask, "Do you trust WhiteDust security?"
Oh, wait - that's what the 'Test the exploit' link is for.
"Our interests are to see if we can't scale it up to something more exciting," he said.
Great example of more FUD for the fire (no pun intended). Why just post a bug report to the bug list like everyone else when you can make a 'proof of concept' bug, post it on slashdot and increase visitors to your site? No no, we can't go the normal route, that wouldn't make IE look better. All a proof of concept virus does is make all the new people want to flock back to IE
Face it people, Bugs like this are reported and fixed all the time. Just because another person decided to post about their 'proof of concept' on slashdot doesn't mean the world is coming to an end
It's hardly news to be able to DoS a browser. I DoS both FF and IE regularly while working on DHTML scripts, often when I use a debugging "alert" in the wrong place. Try this one and see how much farther you get during your morning browsing:
<html>
<body onmousemove="while(1) alert('ooooh');">
</body>
</html>
Watch out before you run it! You wouldn't want to lose that Xanga post you've been working on.
assuming the Secunia Advisory is referring to the same vulnerability linked to in the /. article, its Critical level is the lowest, Not Critical
do {print "Mini-Geek Rules!\n";}
until ($TheEndOfTheWorld);
Netscape 7.1 [ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) ] locks up too (not surprising, but had to test...)
Yes. Bam! Your web browser locked up!
Further proof that MSIE is the more advanced browser. After all, it doesn't require any additional code to freeze. Plus, it'll temporarily screw up your whole UI while it does!
(Sorry. I hate perpetuating the old MSIE vs. Firefox flamefest, but that joke wrote itself.)
This crasher bug has no effect on my post 1.5 beta 2 version of firefox on Linux. Gecko/20051017. A new crasher bug is also not news. There are hundreds of ways to crash mozilla. Lets face it most browsers aren't at a state to jump every time there is a new bug to crash or "DOS Them" as the article states. Just another security site trying to make themselves look good at a products expense. How much money does it cause companies like the Mozilla Organization to release a new version of their browser, just to put an end to the bad press of a so called "exploit"?
I bet we won't have to wait 'til MS Patch Tuesday for it to come out!
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
Microsoft should start putting this code in all its mass mailings ;^)
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
To clarify: " And this has what to do with a vulnerability in Firefox exactly? " refers to the parent post. Looks like the quoting I managed to remove the quote from my post. Agreed - a DoS certainly is a vuln.
Well - it's still the same old problem: another bug is found, and all users have to update the software. For most advanced users, this is no problem. However, less computer-savvy users, will have to go through a painful uninstall-reinstall cycle of all Mozilla products. This is painful, and completely a waste of time. The "check for updates" and "download updates" feature is about as useless as tits on a bull. It should have been the first feature to have working properly - rather than try and rush out the door with a browser which now requires constant manual patching.
Don't get me wrong - I am a strong supporter of FOSS. However, I, like a lot of other computer professionals, are getting tired of the constant update cycles for this software. I know, I know - this could just be taken as flamebait for the whole "FOSS is better than closed-source, and vice-versa" debate. It's not - this is the reality of it. How many updates for Firefox/Moz have we had in the last 3 months? Is this acceptable for a production environment? Why is the testing so poor? I realise that testing a complex piece of software is difficult - but it's not impossible.
And let's suppose it is in the wild and to get infected I don't have to go to some Russian site selling stolen credit cards. Can anyone see how that could be possible? You'd have to go to a site knowingly and maliciously designed to exploit this, right?
OK, I just wasted 15 minutes of time trying to figure out the point of this story.
Whitedust.net's technique of giving the wrong content type to the linked files that contain any real information about this so called exploit causing Firefox to open links in a text viewer was particularly effective.
This may be the largest human DoS attack in recent memory (and slashdot was the vector).
--Barry
A bug enables you to install anything you want on the end-users system without agreement...
htop(top on steroids): http://htop.sf.net
Since you have to go to a specific web page, with a specific browser ... and the only thing that will happen is that your browser will crash ... is "attack" the correct term for this kind of behaviour?
If you crash your car into a tree, did that tree "attack" you?
If you crash your car when driving over ice, did that ice "attack" you?
If you drive your car off a bridge and into a lake, did that lake "attack" you?
Since you cannot use your car immediately after a crash, are trees considered a DoS exploit?
while(1) {
open("hi!","about:blank");
alert("you llamma!");
}
-Woof woof woof!
Doesn't even register a hit in CPU usage.
My Firefox 1.0.7 on Gentoo crashed, top showed 80% Cpu-Usage
So the reason why some dont crash has to be somewhere else i guess...
Denial of Sheep. Because when you're browsing your alternative exciting imagery, and your browser crashes, you are denied.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
Install better plugins for flash/pdf/etc or just remove the bad plugins. You get the same effect in windows if you're a moron and install the old adobe 5.0 plugin that hangs. When the plugin hangs or uses a lot of cpu it affects the browser.
If you didn't know this I guess the joke is on you. Welcome to russia.
this error with > 1% is seen every time this troll is posted... which has been quite a few times
Indeed it does, indeed, need to be patched. Indeed.
Why is this marked funny? Because it has that Paris Hilton thing at the end? Funny should be used for posts that are entirely a joke. I assumed the OP was serious about the main question.
where there's fish, there's cats
Nothing new.
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html#Web_browsers
Well, at least Firefox doesn't crash, just takes onto a lot of swapping.
I will use this Firefox post to ask something: I think Firefox has a problem rendering divs.
If you go to www.netvibes.com and then open one of the "frames" it will maximize, with the standard colors the maximized frame will be over all the page hiding everything else (the expected behaviour), but if you change the page colors (Tools/Options/General/Font & Colors) to Text: White and Background: Black and then select the option "always use my colors" and reload the page [netvibes.com] then maximize again any of the frames and the background will be transparent.
I thought it was a design flaw of the netvibes page but after doing the same (changing the text color to white and background color to white) on Internet Explorer (Tools/Internet Options/Colors), the page (netvibes) is still rendered correctly.
If you wonder why I changed to those (white text on black bg) you should try it for one day (configure your screen so ALL background colors are black or less than 0x33 [of a total 0xFF] in R,G or B).
Way off topic but anyway there it is.
Oh and BTW, allow me to rant about a Firefox bug that has not been fixed (https://bugzilla.mozilla.org/show_bug.cgi?id=254722), And guess what, it was opened on 2004-08-07 14:20 PDT!
Who said OpenSource software was fixed faster than closed source uh?
ok, enough for a rant
Ubuntu is an African word meaning 'I can't configure Debian'
Check out Deer Park, either beta 1 or beta 2. Neither is vulnerable to this.
It just prints Mozilla. Back to the exploit drawing board with you, script kiddies...
insecurity asks the wrong question irritation gives the wrong answer
Ok, this isn't really a security bug. It's a crasher. If this is a security bug, so is this one (you'll likely need to cp/paste into new window to open) that I discovered a few years ago.
IMHO "security" bugs are for ones that have an impact on "security". If it doesn't fit that criteria, it's not a security issue.
A JS permissions exploit would be a security bug. So would the IDN issues, and buffer overflows...
but a crasher? I think that's pushing the benchmark. It's not really a DoS... it's a crash/hang.
It would be a security issue if say, it caused 911 to become unavailable, or killed US Radar systems... but not for crashing a web browser.
I think people have been pushing for a while in hopes of getting new security bugs. And that's all products, not just Moz. There are legitimate security bugs, but I don't think this qualifies. IMHO you need to be able to do something that violates security to be a security issue.
btw... that post was supposed to go anonymous but somehow slashdot managed to sign me up after i entered the anonymous CAPTCHA word and previewed
From what I've seen, *any* site can cause this kind of crash in IE. No special HTML required.
My SuSE 9.1 survived it. Weird though that it would depend on the linux version. It might have something to do with the libraries in use.
My wife's sketchblog Blob[p]: Gastrono-me
.....to their webpages to keep Mozilla clients from being used. That way you don't get rid of that IE icon on your desktop.
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
1. A bug in a browser is found.
2. Regardless of the type of bug, if it's an Open Source browser, you can say any of the following:
"It's an insignificant bug!"
"It'll be fixed faster than Microsoft would fix it!"
"At least you have the source code so you can figure out a fix on your own!"
"Hey, these guys aren't being paid so quit complaining."
"This is news?"
3. Regardless of the type of bug, if it's a Microsoft browser, you can say any of the following:
"Bill Gates sucks!"
"Microsoft sucks!"
"I hate Microsoft!"
"IE is for losers!"
"This is a huge exploit that will cause global chaos!"
"This is the biggest piece of news ever!"
Note the double standard, folks. If it's OSS, it's "good" software and thus automatically immune from any kind of criticism. Indeed, it's given the exact opposite: flaws are actually excused with lame rationalizations. If it's Microsoft software, it's "bad" software and thus every flaw must be expounded upon, exaggerated, and endlessly repeated.
A flaw is a flaw is a flaw. If it's a flaw that crashes your browser, we should heap the same criticism (or give the same excuses) regardless of whether that software comes from Mozilla.org or Microsoft.com. Without criticism, there is no incentive to change. By calling these exploits and bugs by their right name, we are helping the OSS cause. Do not think you're helping things by saying "hey, it's no big deal when a Firefox bug crashes my browser" but then say something completely opposite when a similar bug crashes IE.
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
I've tried with K-meleon a little browser based on gecko engine and it is vulnerable too. So, expect the same for all the browser based on gecko.
No remote execution or personal data being revealed, it just hangs the browser. It doesn't even seem to slow down the rest of the system, it just makes Firefox unresponsive. So?
It's easy to do that to almost any browser. Loading a lot of really big images will crash Firefox when it runs out of memory, and has the side-effect of slowing the rest of the system (or probably crashing it if it's based on windows 9x).
The "exploit's" entire HTML source reads like this:
<html><body><strong>Mozilla<sourcetext></body></html>
It's clearly a silly bug, but I feel that saying "it is clear that this exploit will indeed need patching as soon as possible" is excessive hype. This is not a security issue. This is part of the known problem that Firefox is not very tolerant of buggy code, which is a general serious issue that does need fixing.
I wonder if this is a Gecko bug? An email version of this for Thunderbird would be very annoying.
# cat
Damn, my RAM is full of llamas.
websites have been suffering DoS attacks and they can't do anything about it (specially if they're distributed).
DoS is the last resource for a hacker when he can't penetrate the website's server. It's not "hacking" in fact.
What astounds me is that people seem less afraid of remote execution vulnerabilities than of DoS attacks. Or is it just me?
What the heck.. I clicked and clicked and clicked. No crash!
:)
And then I realised, I was on 1.5b2
... "follow me" the wise man said, but he walked behind
Inconceivable!
When will they wake up and stop releasing buggy software.
I will not have any of their software on my computer. I ONLY use Microsoft products.
I can finally run Mozilla on my MS-DOS box? Sweet!
"The wording from the security company has me thinking they're just trying to make a name for themselves."
I was just about to comment the same - if every Internet Explorer crash bug was reported with this much visibility, Slash would be full of news every day.
"Although it is not true that all conservatives are stupid, it is true that most stupid people are conservative."
OK, the IE fanboys are really stretching now. If crashing the browser is an "exploit" then that opens a whole new avenue of attack on IE. IE crashes like this (for me) far more often than firefox, and firefox crashes just about every time I visit a site with really involved flash or those really annoying smiley face banner ads (those are firefox killers).
ctrl+alt+del kill process is a good workaround for this "extremely dangerous" exploit. Again if this is a security vulnerability, then flash is the greatest hacking tool against firefox. Java is probably the greatest hacking tool against IE.
People are just really desperate for Firefox to have more bugs than IE. Thanks for finding some code that should probably be cleaned up, but crashing the browser is not in any way violating the security of the system on which the browser is running.
Does this mean I can sue sites for using excessive flash and javascript for DoSing my browser?
Not bad, these guys were able to hit the front page twice in seven hours. Good job, guys!
wow, overrated with no moderation, how'd they manage that?
Simply, elegantly, and powerfully put.
So get over it.
If you read the bug - https://bugzilla.mozilla.org/show_bug.cgi?id=303433 - you will see that it's a crash which cannot possibly be used to do anything more malicious than, well, crashing the browser.
Annoying to be sure, but harmless otherwise (secunia gave it the very lowest threat rating). The bug happened due to optimization in the compiler, and the relevant code has been reshuffled long since (about a year ago) on the trunk and so the upcoming 1.5 won't even expose you to this annoyance.
Then Windows would be labeled as a weapon of mass destruction.
Frankly, this is non news as there are thousands of ways to just crash a browser or just hang it. It is an entirely other issue with the bugs that lets you crash a full windows computer because of an IE bug. If it crashes other apps or the computer its bad but this is just about wrongly written web pages.
HTTP/1.1 400
Ok, you might be a troll, or flamebait, but it is worth a response...
This discussion is not any different than it would be if it was about IE. There are always those saying "no big deal" about IE security flaws, and plenty of people screaming blood on this conversation. Maybe the balance is slightly altered because so many of us have been burned by IE though....
Having said that.... This is no big deal. Even TFA says "This is not an advisory, just a comment" indicating that the authors don't think it is a big deal either.
LedgerSMB: Open source Accounting/ERP
I just tried the code on Camino (1.0a1) and it appears totally unaffected.
Just create a large (~500Mb) file full of zeroes. gzip it, and place it on your webpage. Most browsers open .gz files in the browser, and loading something like 500Mb in the browser takes some time. May not crash the browser, but is definitely as DOS as the article's "exploit" :P
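The defensive side of the comment above and of the decompression-bomb advisory linked earlier in the thread, as an added example that is not part of any poster's comment: a consumer of gzip data can cap how much output it will accept instead of inflating the whole stream. The function names, the caps and the zero-filled sample are assumptions made for this sketch.

```python
import gzip
import zlib


class DecompressionLimitExceeded(Exception):
    """The stream would expand past the caller's output cap."""


def bounded_gunzip(data: bytes, max_output: int, chunk_size: int = 64 * 1024) -> bytes:
    """Inflate one gzip member, never holding more than max_output + 1 bytes."""
    if max_output < 0:
        raise ValueError("max_output must be non-negative")
    inflater = zlib.decompressobj(31)  # wbits 16 + 15: require gzip header and trailer
    out = bytearray()
    for start in range(0, len(data), chunk_size):
        # Ask for at most one byte beyond the cap: enough to detect overflow
        # without materialising the full expansion. The budget is always >= 1,
        # because a max_length of 0 would mean "unlimited".
        budget = max_output - len(out) + 1
        out += inflater.decompress(data[start:start + chunk_size], budget)
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"more than {max_output} bytes of output from "
                f"{len(data)} bytes of compressed input"
            )
        if inflater.eof:
            break
    if not inflater.eof:
        # Input ran out before the gzip trailer: reject rather than return a prefix.
        raise ValueError("truncated gzip stream")
    return bytes(out)


def constructed_zero_gzip(n_bytes: int) -> bytes:
    """Constructed sample input: n_bytes of zeroes, gzip-compressed."""
    return gzip.compress(bytes(n_bytes))


if __name__ == "__main__":
    sample = constructed_zero_gzip(5 * 1024 * 1024)  # 5 MiB in, a few KiB out
    print("compressed size:", len(sample))
    try:
        bounded_gunzip(sample, 1024 * 1024)  # 1 MiB cap
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

The cap is enforced on output as it is produced, so a rejected stream costs at most the cap plus one byte of memory regardless of how far it would have expanded.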
How come whenever there's a Firefox or Internet Explorer exploit some guy like you moans about how whenever there's a Firefox or Internet Explorer exploit a bunch of fanboys get modded up when they criticise Firefox or Internet Explorer?
There are a ton of crasher bugs in Bugzilla, move along folks... this bug (303433) was opened in AUGUST.
What /. filter are you using? Obviously you forgot:
4. ???
5. Profit!
What would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
Looks like its time to switch back to IE.
http://saveie6.com/
This reminds me of a bug in Firefox (and other Mozilla products) I reported in December 2004. It's fixed in the 1.5 beta series, but still unfixed in the stable versions (e.g. FF 1.0.7).
The links:
Advisory
PoC
i maybe wrong here...but as far as i know, whenever there's a new security update, why is it that one has to download a whole new version of firefox? in this respect, at least, MS did a better job that mozilla. u only had to download the security update and not a whole new version of IE for these updates(i know...i know...plz dont rant about the problems with IE's updates themselves). all i want to know is, why can't mozilla do the same?
Chaitanya a.k.a PaRAdoX
This appears to have no effect on Gentoo's 1.0.7-r2 (64bit) or the 1.0.7 binary (32bit).
This hardly counts as a DoS attack in its traditional meaning. However it is an annoying bug. I am glad to read that it has been addressed in the latest beta.
What follows is probably an ad hominem attack. Moderate accordingly.
I decided to spend a little time on the Whitedust site. The site is advertised as "The Leading Independent Security News Portal".
The site is run by a group of former crackers. Of course one has to wonder about their cracking, security, and business skills when:
In short this web site has no redeeming value.
I don't need an exploit to crash Firefox, it crashes during normal usage!
The word Hacker was initially intended to describe a smart tinkerer who finds inventive/ingenious solutions to problems from all areas of life ("hacks" a solution together). At some point big media started using the word to describe malicious programmers who use their abilities to compromise others' systems ("hacks into" ...'s computers and steals ...).
So here you have a word describing 2 different things.
For the "tinkerer/inventor" part of the Hacker population, finding out how something works, how it is broken, how it may be fixed is a joy -- the journey is the destination. The satisfaction of discovery and the recognition of peers is more than sufficient to feel satisfied.
No need to be evil to feel successful.
I'm running Marillat's binary of Firefox Deer Park Alpha 2 for Debian, it seems to not crash with this bug.
"goodbye and hello, as always" ~Prince Corwin, from Zelazny's Amber series
...even minor FF bugs are still newsworthy while the biggest IE news in 10 years was the month they DIDN'T release a critical patch.
Good work Moz! We're almost at the point where minor rendering glitches are headline news!
As many people have pointed out, this is just a plain old ordinary borking. Sending broken input to make the application crash or break. There was a time when it was popular to do the same with various versions of Microsoft Outhouse and Express Outhouse by sending carefully crafted email messages that tickled bugs in Outhouse. At the time, people did take those bugs as signs of serious design problems in Outhouse.
This bug and others like it are not of much consequence in and of themselves, but they do help underscore the big problem for browser development. The very early browsers, Mosaic and lynx, made the mistake of being "liberal in what they accepted". That is they made an effort to render broken HTML. (Lynx, to its credit, at least produced a warning notice.)
This made it easier for web authors to grow ever sloppier in their HTML. And when the browser wars were in full swing, they were largely competing based on which could better render broken HTML. This of course allowed web page developers to get even sloppier. And they started writing to the unpublished languages of MS-HTML and Mozilla-HTML.
I haven't looked at the actual HTML parsing code of any browser, but my guess is that more than 80% of it is there only to deal with broken HTML. This exploit (and it is an exploit with limited damage) exists only because mozilla is trying to render broken HTML.
This problem with HTML (and so the difficulty and complexity of writing browsers) is the clearest example to me of what is wrong with taking "Be liberal in what you accept, conservative in what you send" to mean that protocol and language violations should be tolerated.
I wish I could offer a realistic suggestion of how we get out of this mess. But the simple fact of the matter is that if one browser starts rejecting broken HTML, then people will use a more tolerant browser.
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
These occasional problems with FireFox are absolutely NOTHING compared to the thousands of problems IE has had. Firefox is still young, and will obviously get better... these kinds of things are fixed fast... BUT in my mind... if /. is gonna post EVERY LITTLE FF PROBLEM... Then they should post every like IE problem too... =P
firefox 1.0.7 damn.. oh well hopefully the compiler code cache of 0.5 gig that gentoo uses by default should help recompile it much quicker than the first time.
Isn't that something you do against a server, crashing a browser is hardly the biggest trick in the world, IE manages it every few hours on some machines :)
I don't see what the big deal is. I've been using Windows 3.1 for years.
It always amazes me how ALL THESE NEW firefox exploits are coming out, even more exploits than Microsoft someone recently told me... it's still amazing how I NEVER have problems with Firefox, or with my clients that use firefox, but all my NEW clients that run IE or OLD clients who forgot to STOP using IE, have serious problems... That always amazes me how that works out...
-=Linsys=-
http://www.intrusionsec.com
Perhaps someone should post a corrected version and hope that it is copy and pasted enough to become the dominant version.
sig
yours,
kbs
...it happens to be Patch Tuesday. Naturally EI bugs are about as newsworthy as the sun rising in the east but let's see how it went this time.
this one is my favorite to stuff in between the header tag
>script> for(;;){window.open('');} >/script>
freezes the fox for a bit, but it will recover in a minute. Freezes 1.5 too, but only freezes it for a few seconds.
DON'T TRY THIS IN IE
(yeah, yeah, replace the leading > with the "less-than" sign...can't include tags in posts, now, can we?)