Slashdot Mirror


Unpatched Firefox 1.5 Exploit Made Public

ThatGuyGreg writes "C|Net is reporting that an unpatched exploit in Firefox 1.5 has been made public, making it very easy for ne'er-do-well sites to cause your browser to crash on startup with a single visit. Until a patch is released, it is recommended that you disable your history.dat file."

7 of 309 comments

  1. FC4, 1.5 by (1+-sqrt(5))*(2**-1) · · Score: 4, Insightful

    I can report that the exploit doesn't work on FC4, with the latest 1.5 built from source.

  2. DOS by kihjin · · Score: 5, Insightful

    The 'exploit' seems only capable of a Denial of Service. There's no proof to indicate that malicious code could be executed.

    Plus, read this (from the article):

    "We have gotten no independent verification that it crashes (Firefox), but there have been a lot of attempts to try," Schroepfer said.

    So, this is all very hypothetical then?

    --
    This slashdot-related signature is a stub. You can help kihjin by expanding it.

  3. Not an "exploit" by joetainment · · Score: 4, Insightful

    This isn't even related to security. It's just a bug... lots of apps crash when something happens. Doesn't mean it's ok, but it doesn't represent a security issue, does it? (Unless I'm missing something...)

  4. Re:Only crashes? by courtarro · · Score: 3, Insightful

    There are plenty of browser denial-of-service bugs, but few of them can actually render your browser useless upon every execution. This one has a lasting effect that's more significant than the old "do while(true) alert;"-style DoS attacks. A single double-click won't fix this one; you have to delete your old history.dat file.

  5. Re:Only crashes? by Anonymous Coward · · Score: 3, Insightful

    If it causes a crash, it's entirely likely that some malicious code could be injected into memory when that happens! If so, you're potentially up shit creek.

  6. It's completely retarded... by ninja_assault_kitten · · Score: 3, Insightful

    The guy who reported it called it a 'buffer overflow' and clearly had no understanding of what it actually meant.

    which most users won't figure out.

    this proof of concept will only prevent someone from reopening their browser after being exploited. DoS if you will. however, code execution is possible with some modifications.

    Tested with Firefox 1.5 on Windows XP SP2.

    ZIPLOCK

    heh
    function ex() {
                var buffer = "";
                  for (var i = 0; i ZIPLOCK says CLICK ME

  7. A crash can often lead to an overflow exploit by MushMouth · · Score: 4, Insightful

    When an app crashes (Firefox does quite often for me) it means that it is doing something that the programmer didn't expect. That could be all sorts of things, from taking all the CPU, to writing to memory that it shouldn't be. Most overflow exploits started as mere crashes.
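The two points made in comments 4 and 7 (a persisted file that re-crashes the browser on every startup, and a crash being the program writing somewhere it did not expect) share one defensive lesson: a profile file written on the program's behalf is still untrusted input at load time. The following C program is an added illustration, not code from the thread, from Firefox, or from the ZIPLOCK proof of concept; it does not use Firefox's real history.dat format. It defines a constructed length-prefixed record stream, and a loader that validates each record's length against both the remaining bytes and a fixed title buffer before copying. An oversized record is counted and skipped rather than copied into a buffer that cannot hold it, so one bad entry does not take the whole load down on every start, while a truncated stream is reported as malformed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record format for this example only (NOT Firefox's history.dat):
   each record is a 2-byte big-endian length followed by that many title bytes. */
#define MAX_TITLE   64
#define MAX_ENTRIES 8

typedef struct {
    char title[MAX_TITLE + 1];            /* always NUL-terminated */
} entry_t;

typedef struct {
    entry_t entries[MAX_ENTRIES];
    size_t  count;                        /* records accepted */
    size_t  rejected;                     /* records skipped as oversized */
} history_t;

/* Parse a record stream into h. Returns 0 if the stream was well-formed
   (oversized records are skipped, not fatal), -1 if a record header or body
   runs past the end of the buffer. */
int load_history(const uint8_t *buf, size_t len, history_t *h)
{
    size_t off = 0;
    memset(h, 0, sizeof *h);
    while (off < len) {
        if (len - off < 2)
            return -1;                    /* truncated length header */
        size_t tlen = ((size_t)buf[off] << 8) | buf[off + 1];
        off += 2;
        if (tlen > len - off)
            return -1;                    /* record claims more bytes than exist */
        if (tlen > MAX_TITLE) {
            /* An unchecked loader would memcpy tlen bytes into title[] here and
               overrun it on every startup. Skip the record and keep loading. */
            h->rejected++;
        } else if (h->count < MAX_ENTRIES) {
            memcpy(h->entries[h->count].title, buf + off, tlen);
            h->entries[h->count].title[tlen] = '\0';
            h->count++;
        }
        off += tlen;                      /* bounded above by len - off */
    }
    return 0;
}

/* Build a constructed sample stream: "home", a 200-byte title of 'A' that
   exceeds MAX_TITLE, then "news". Returns the number of bytes written. */
size_t build_sample(uint8_t *out, size_t cap)
{
    const size_t big = 200;
    size_t off = 0;
    if (cap < (2 + 4) + (2 + big) + (2 + 4))
        return 0;
    out[off++] = 0x00; out[off++] = 0x04; memcpy(out + off, "home", 4); off += 4;
    out[off++] = (uint8_t)(big >> 8); out[off++] = (uint8_t)(big & 0xff);
    memset(out + off, 'A', big); off += big;
    out[off++] = 0x00; out[off++] = 0x04; memcpy(out + off, "news", 4); off += 4;
    return off;
}

/* Load the constructed sample into h; returns load_history's result. */
int demo(history_t *h)
{
    uint8_t buf[512];
    size_t n = build_sample(buf, sizeof buf);
    return load_history(buf, n, h);
}

int main(void)
{
    history_t h;
    if (demo(&h) != 0) {
        puts("history stream malformed");
        return 1;
    }
    printf("loaded %zu entries, rejected %zu oversized\n", h.count, h.rejected);
    for (size_t i = 0; i < h.count; i++)
        printf("  %s\n", h.entries[i].title);
    return 0;
}
```

The design choice worth noting is the split between "skip this record" and "abort the load": a record that is merely too large is the attacker-controllable case and is dropped without affecting the rest of the profile, whereas a stream that lies about its own length is treated as corruption of the file itself.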