FireFox 1.5 Buffer overflow exploit
34 posts
• Page 2 of 3 • 1, 2, 3
"It burns like hygiene!"
Yes. Don't bother. You will probably never experience this problem, and even if you do, it doesn't do any damage. Just trust in the Web Police. There are many ways to cause denial of service attacks on browsers by coding infinite loops on the Web page, and it's pointless as an individual to try to defend against them.
Will this eventually get fixed?
Tom
Darkscribes, Home of Anime and SciFi Fanfiction and Original works of Fiction.
I blogged about this: Firefox history information DoS vulnerability
Web browser standards support tables
Internet Explorer is dangerous
Web Devout - Promote standards and the health of the Web
So far what we know is:
- Even with some people claiming this can crash the browser, we have no direct evidence of that and no one has been able to show it can crash the browser. What it does is slow down how fast Firefox will start.
- There is no way to exploit this so it's not a 'security' vulnerability.
- There are several workarounds for this, the easiest one is to set the Sanitize function to clear history when Firefox exits.
The official Mozilla statement is at: http://www.mozilla.org/security/history-title.html
We also know that it's a mork bug, so there shouldn't be any "crash" unless you actually run out of memory. Nor is any buffer being overrun, at least not generally. Several patches are being considered; I suspect that we will end up fixing the bad mork file reading algorithm, as it might cause other issues in the future and it's a better general solution.
Anyway, the thread title is disingenuous, considering that it's not an exploit, not a buffer overflow, and doesn't just happen in Firefox 1.5. P'raps someone should change it?
Running out of memory should not cause crashes on a properly configured system. Good point about the title, though. Perhaps it should be changed to "Holy Roman Empire".
Has anybody seen this (or a similar bug) [trigger Data Execution Prevention](http://forums.mozillazine.org/viewtopic.php?p=1938221) on Windows XP SP2? I'll try the testcase, but my computing resources are a bit bogged down at the moment.
I really don't know what it crashed Firefox for me and will not start until I delete history.dat
It's not a bug, per se, it's just some inefficient code. We all know that Mork is a "feature". ;-p
Exactly. No other software has such an innovative database design. (Because they all figured out something better 15 years ago.)
It's not a buffer overflow
It's not a DoS
Security Advisory: http://www.mozilla.org/security/history-title.html
A Firefox update is unlikely
If you're not using Firefox, you're not surfing the web, you're suffering it.
Join the MZ folding@home team.
As Nitin shares, the official response from the Mozilla foundation better documents this new flaw. It's more of a bug than a serious security risk. It's not in-the-wild and only proof-of-concept code has been developed so far.
Mozilla Foundation Response http://www.mozilla.org/security/history-title.html
The Internet Storm Center http://isc.sans.org/diary.php?storyid=920
Secunia information - rates as a non-critical security risk http://secunia.com/advisories/17934/
P.S. A more serious web based security risk is the unpatched 911302 IE vulnerability where 3 new JS based worms just popped out of the woodwork
Has anyone else had problems with this workaround? I had a problem that I was trying to pinpoint for a couple weeks now, where I couldn't load articles from tv.com (the header loads, but the article beneath wouldn't). After many hours of fixing and trying things, I was able to figure out that this caused the problem. Removing the entry from the user.js file didn't work; the only way I was able to get it to work properly again was to create a new profile and leave it out
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Thunderbird version 1.5 (20051025)