Already Firefox 1.5, the latest incarnation of the popular alternative browser, has had exploit code released
which takes advantage of a bug in the history.dat file, which stores information from Web sites users have visited. Basically, using an overly long topic of a page can cause the browser to crash each time it is started after going to such a page. According to the Internet Storm Center, it is not possible to start Firefox normally until the history.dat file is manually erased.
In testing Firefox 1.5 without a system running McAfee security software, the Firefox 1.5 browser would stall and not respond to a user's mouse, said Johannes Ullrich, chief research officer for the Sans Institute, which runs the Internet Storm Center.
"Users have to kill out of the browser and start over again. This stalled browser creates a DOS (denial of service) condition," Ullrich said.