Slashdot Mirror
Unpatched Firefox 1.5 Exploit Made Public
ThatGuyGreg writes "C|Net is reporting that an unpatched exploit in Firefox 1.5 has been made public, making it very easy for ne'er-do-well-sites to cause your browser to crash on startup with a single visit. Until a patch is released, it is recommended that you disable your history.dat file."
If it's already happened to you, just delete your history.dat file in your profile folder, and FireFox will create a new (empty) one on startup.
If this only crashes Firefox, how is it an "exploit"? I tend to use "exploit" as something that an attacker can use to their advantage to do something malicious. This is just an annoyance to have to move my poor cursor back to the icon and issue an oh-so-painful double-click.
today is spelling optional day.
Sounds like a great opportunity to show off the snazzy automatic incremental update feature Firefox 1.5 has. Pushing a fix quickly to users who've got it enabled would be great.
Switch back to Slashdot's D1 system.
Cheers,
Toby Haynes
Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
Quote from the bottom of the article:
Correction: This story incorrectly stated the affiliation of Mike Schroepfer, Mozilla's results in verifying the Firefox 1.5 flaw, and the nature of the problem. Schroepfer is vice president of engineering with Mozilla Corp., and Mozilla has not been able to verify its browser can crash and lead to a denial-of-service condition. The problem itself was a not security vulnerability but actually a flaw in the browser.
Read the article before you consider posting it with a sensational title!
Wow, that is accurate reporting, which was then amplified in the summary to the point of absurdity.
Sig under construction since 1998.
The Mozilla people are also reporting that the exploit doesn't seem to work on any version of 1.5:
/. seen it actually happen?
Mozilla Foundation, which released Firefox, said it was not able to confirm the browser would crash or be at risk of a DOS attack, after visiting certain Web sites.
"We have gotten no independent verification that it crashes (Firefox), but there have been a lot of attempts to try," Schroepfer said.
Apparently they're having a hard time duplicating this particular bug. Has anyone here on
You mean: "Dat file will be history Mon.
The days of the digital watch are numbered.
In other news: Water is wet. Seriously, whoever wrote the history code needs to be shot. Once your history gets to any significant size, all operations on it start getting annoyingly slow. For me, it takes 15 seconds for firefox to open the Go menu for the first time in a session, and once you've done that, even more annoyingly there's a delay of a few seconds on every new page you visit for the rest of that session. The history sidebar is so excruciatingly slow it's practically unusable.
Preferences > privacy > history > [0] days; ok.
Patched. I use the history feature about twice a year, won't miss it till the right fix is found.
Not quite like disabling all the javascript in MSIE, is it?
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
No, just a badly worded summary of the original storm center diary entry in which the ISC handler attributes the possible FAILURE of this bug to crash firefox to the McAfee software, which, in his mind, has some mystical power to optimise firefox's inefficient string parsing algorithm even when it's deactivated!
This bug is slightly lame, even as DOS -- There are no confirmed reports from half-or-more-brain-having people that it even crashes the browser in the first place. All it does is make the subsequent startups slow, especially noticable in slower machines.
See bug 319004 at bugzilla.mozilla.org.
False alarm. No security-related concerns, just overenthusiastic reporting.
If you run the script below, it will create a page with a title that's quite huge. Close your browser and open it again. The browser will spin for about 2 minutes what it tries to make sense the contents of your history file. Once it's finished, you'll be back up and running, with no degradation in performance or visible side-effects. You'll be able to even view your browsing history (including the offending page). In fact, I'm posting this response after following the process described above (on WinXP), and I have a history entry entitled "AAAAAAAAAAAAAAAAA..."
A bit of an annoyance, but hardly a security issue.
Here's the official exploit code:
"With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea...."
RFC 1925
C|Net has added the following correction at the end of the story:
"Correction: This story incorrectly stated the affiliation of Mike Schroepfer, Mozilla's results in verifying the Firefox 1.5 flaw, and the nature of the problem. Schroepfer is vice president of engineering with Mozilla Corp., and Mozilla has not been able to verify its browser can crash and lead to a denial-of-service condition. The problem itself was not a security vulnerability but actually a flaw in the browser."
So Firefox crashes, but no security vunerabilty.
Jumpstart the tartan drive.
I'm pretty sure that it is the new QuickTime 7 plugin causing that.
As other have posted, it crashes IE as well. And every firefox crash I've had since I've installed 1.5 appears to have been QuickTime related!!!
All happening after installing 7 except for one.
=1000101
The origin of the bug is Windows and its shell: protocol, Mozilla simply handled those links back to the OS ad it does with protocols it doesn't know how to handle, other programs like MS Word were vulnerable to the very same exploit.
It was fixed 24 hours after full disclosure, and only Win32 versions of Mozilla were vulnerable, doesn't this ring a bell?
Anyway, read this link for more info.
The IT section color scheme sucks.