FireFox 1.5 Buffer overflow exploit

Discussion of bugs in Mozilla Firefox
marcelo-ar
Posts: 13
Joined: February 9th, 2004, 8:12 pm
Location: Bs.As. , Argentina

Post by marcelo-ar »

non-linear wrote: Has anyone else had problems with this workaround? I had a problem that I was trying to pinpoint for a couple weeks now, where I couldn't load articles from tv.com (the header loads, but the article beneath wouldn't). After many hours of fixing and trying things, I was able to figure out that this caused the problem. Removing the entry from the user.js file didn't work; the only way I was able to get it to work properly again was to create a new profile and leave it out.

Yes, I had a little problem with Gmail because of this preference.
I also read in K-Meleon forums that problems with Google Maps were reported.

Removing this from the user.js file will not work, because this preference setting is now stored in the prefs.js file.
To restore this preference to default, just edit or create a new user.js with this line:

Code:

user_pref("capability.policy.default.HTMLDocument.title.set", "allAccess");
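The prefs.js/user.js precedence marcelo-ar describes above, as an added example that is not part of this thread or of Firefox's own code: a small Python model of how Firefox loads prefs.js, then applies user.js on top and writes the merged result back, so that deleting the workaround line from user.js leaves the value sitting in prefs.js, while a new user.js line with allAccess overrides it. The sample file contents are constructed; the workaround value "noAccess" is not quoted on this page and is assumed, as is treating an unset pref as allAccess.

```python
import re
from typing import Dict, Union

PrefValue = Union[str, bool, int]

# The pref toggled by the workaround discussed in the thread. "allAccess" is
# the built-in behaviour; "noAccess" is assumed to be the workaround value.
TITLE_PREF = "capability.policy.default.HTMLDocument.title.set"

# One user_pref("name", value); line. Value may be a quoted string, true/false
# or an integer; the closing ); must end the line.
_PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)


def _parse_value(raw: str) -> PrefValue:
    """Convert the raw value token of a user_pref() line to a Python value."""
    if raw == "true":
        return True
    if raw == "false":
        return False
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return int(raw)


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Parse the user_pref() lines of a prefs.js or user.js body.

    Blank lines and the comment lines Firefox writes at the top of prefs.js
    are skipped; anything else that does not match is ignored.
    """
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(("//", "#", "/*", "*")):
            continue
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _parse_value(m.group(2))
    return prefs


def effective_prefs(prefs_js: str, user_js: str) -> Dict[str, PrefValue]:
    """Model Firefox startup: prefs.js is read first, then every user.js line
    overrides it, and the merged set is what gets written back to prefs.js.

    Consequence: removing a line from user.js does not undo it, because the
    value is already persisted in prefs.js; only a new user.js line can.
    """
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged


def title_policy(prefs_js: str, user_js: str) -> str:
    """Effective value of the title policy pref after startup.

    An unset pref is reported as "allAccess" (assumption: no policy means the
    page may set document.title as usual).
    """
    return str(effective_prefs(prefs_js, user_js).get(TITLE_PREF, "allAccess"))


# Constructed sample files, not copied from any real profile.
SAMPLE_PREFS_JS = """# Mozilla User Preferences
/* Do not edit this file. */
user_pref("browser.startup.homepage", "about:blank");
user_pref("capability.policy.default.HTMLDocument.title.set", "noAccess");
user_pref("browser.sessionhistory.max_entries", 50);
"""

# Case 1: the workaround line was deleted from user.js. The pref is still
# in prefs.js, so the workaround stays active.
SAMPLE_USER_JS_EMPTY = ""

# Case 2: the restore line from the post above is put in user.js.
SAMPLE_USER_JS_RESTORE = (
    'user_pref("capability.policy.default.HTMLDocument.title.set", "allAccess");\n'
)

if __name__ == "__main__":
    print("user.js emptied  :", title_policy(SAMPLE_PREFS_JS, SAMPLE_USER_JS_EMPTY))
    print("user.js restored :", title_policy(SAMPLE_PREFS_JS, SAMPLE_USER_JS_RESTORE))
```

To check a real profile, read prefs.js and user.js from the profile directory and pass their contents to title_policy(); a result of "noAccess" means sites that set document.title (Gmail, Google Maps, as reported in this thread) will still be affected.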
Alice
Posts: 2628
Joined: April 23rd, 2003, 11:47 am

Post by Alice »

For the record,
https://bugzilla.mozilla.org/show_bug.cgi?id=319004
overlong document.title setting can corrupt history data, causing non-responsive temporary hang (crash?) on subsequent startups
------- Comment #71 From Jay Patel 2006-01-10 15:50 PST -------

v.fixed on 1.8.0.1 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.0.1) Gecko/20060109 Firefox/1.5.0.1, no hang/crash on restart using
buffer overflow testcase.


Related thread:
http://forums.mozillazine.org/viewtopic.php?t=365907
History.dat grows -HUGE- upon crash
Alice Wyman
equiZZZ
Posts: 7
Joined: January 13th, 2006, 3:23 am

Post by equiZZZ »

VIPerous wrote:
Elfguy wrote: It's on digg now http://digg.com/security/Kill_Firefox_1 ... te_exploit which means everyone knows.

And here is one of the comments from Digg:

"The script causes a very large (~10MB) string to be written to history.dat (That's just a text file, you can open it in Notepad and take a look). "


Open a 10MB file in notepad???? Nah!
scratch
Posts: 4942
Joined: November 6th, 2002, 1:27 am
Location: Massachusetts

Post by scratch »

marcelo-ar wrote:
non-linear wrote: Has anyone else had problems with this workaround? I had a problem that I was trying to pinpoint for a couple weeks now, where I couldn't load articles from tv.com (the header loads, but the article beneath wouldn't). After many hours of fixing and trying things, I was able to figure out that this caused the problem. Removing the entry from the user.js file didn't work; the only way I was able to get it to work properly again was to create a new profile and leave it out.

Yes, I had a little problem with Gmail because of this preference.
I also read in K-Meleon forums that problems with Google Maps were reported.

Removing this from the user.js file will not work, because this preference setting is now stored in the prefs.js file.
To restore this preference to default, just edit or create a new user.js with this line:

Code:

user_pref("capability.policy.default.HTMLDocument.title.set", "allAccess");


Yeah, that pref totally kills both Gmail and Google Maps. Just figured that one out the hard way.