Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unpatched Firefox 1.5 Exploit Made Public

Posted by CmdrTaco on from the caught-with-you-pants-down dept.

ThatGuyGreg writes "C|Net is reporting that an unpatched exploit in Firefox 1.5 has been made public, making it very easy for ne'er-do-well-sites to cause your browser to crash on startup with a single visit. Until a patch is released, it is recommended that you disable your history.dat file."

4 of 309 comments (clear)

  1. FC4, 1.5 by (1+-sqrt(5))*(2**-1) · · Score: 4, Insightful

    I can report that the exploit doesn't work on FC4, with the latest 1.5 built from source.

  2. DOS by kihjin · · Score: 5, Insightful

    The 'exploit' seems only capable of a Denial of Service. There's no proof to indicate that malicious code could be executed.

    Plus, read this (from the article):

    "We have gotten no independent verification that it crashes (Firefox), but there have been a lot of attempts to try," Schroepfer said.

    So, this is all very hypothetical then?

    --
    This slashdot-related signature is a stub. You can help kihjin by expanding it.
  3. Not an "exploit" by joetainment · · Score: 4, Insightful

    This isn't even related to security. Its just a bug.... lots of apps crash when something happens. Doesn't mean its ok, but it doesn't represent a security issue does it? (Unless I'm missing something...)

  4. A crash can often lead to an overflow exploit by MushMouth · · Score: 4, Insightful

    When an app crashes (firefox does quite often for me) it means that it is doing something that the programmer didn't expect. That could be all sorts of things, from taking all the cpu, to writing to memory that it shouldn't be. Most overflow exploits started as mere crashes.