Firefox 1.5 exploit code released

By Derek Sooman on
Already Firefox 1.5, the latest incarnation of the popular alternative browser, has had exploit code released which takes advantage of a bug in the history.dat file, which stores information from Web sites users have visited. Basically, using an overly long topic of a page can cause the browser to crash each time it is started after going to such a page. According to the Internet Storm Center, it is not possible to start Firefox normally until the history.dat file is manually erased.

In testing Firefox 1.5 without a system running McAfee security software, the Firefox 1.5 browser would stall and not respond to a user's mouse, said Johannes Ullrich, chief research officer for the Sans Institute, which runs the Internet Storm Center.

"Users have to kill out of the browser and start over again. This stalled browser creates a DOS (denial of service) condition," Ullrich said.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.