Firefox 1.5 exploit code released

By Derek Sooman on December 11, 2005, 6:36 AM
Already Firefox 1.5, the latest incarnation of the popular alternative browser, has had exploit code released which takes advantage of a bug in the history.dat file, which stores information from Web sites users have visited. Basically, using an overly long topic of a page can cause the browser to crash each time it is started after going to such a page. According to the Internet Storm Center, it is not possible to start Firefox normally until the history.dat file is manually erased.

In testing Firefox 1.5 without a system running McAfee security software, the Firefox 1.5 browser would stall and not respond to a user's mouse, said Johannes Ullrich, chief research officer for the Sans Institute, which runs the Internet Storm Center.

"Users have to kill out of the browser and start over again. This stalled browser creates a DOS (denial of service) condition," Ullrich said.




User Comments: 6

Got something to say? Post a comment
Nanobot said:
All this vulnerability does is cause Firefox to take a very long time to start up, and slow your system to a crawl while it's doing it. Windows (or whatever you're using) may notice that it's caught in a long resource-intensive process and may ask you if you want to force it to close. If you don't, Firefox will eventually finish starting up, but it may take a while.Dispite what some news articles elsewhere have claimed, this vulnerability *cannot* be used by malicious websites to get access to your system. All it does is feed Firefox information that Firefox takes an unusually long time to process whenever you start it up. It's annoying, but it isn't dangerous.
spike said:
This isn't an exploit - it's proof that firefox has an annoying little bug that'll probably be fixed soon.
Mictlantecuhtli said:
It's so nice to downplay Firefox bugs/vulnerabilities/exploits/whatever. Would you have said the same if this was in IE?
spike said:
If this particular vulnerability was in IE, then in all honesty I might, as long as it had only the exact same effect as this one.I don't mind that this is a bug - I just don't see that it should be described as an exploit given that it can't really be exploited to gain anything.
xerowingsx5k said:
This has happened to me before but I have certainly not found it dangerous since it has not damaged my computer when it happens. I find it rather pesky, though.
Need_a_Dell said:
This is an overstatement. I agree with Spike, this is not an exploit, it's simply a bug that will be fixed in Firefox 1.51!
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.