FireFox 1.5 Buffer overflow exploit

Discussion of bugs in Mozilla Firefox
name already taken
Posts: 3124
Joined: February 27th, 2004, 9:54 am
Location: Utah

Post by name already taken »

"It burns like hygiene!"
VanillaMozilla
Posts: 13808
Joined: November 7th, 2005, 11:26 am

Post by VanillaMozilla »

diilbert wrote: I am unable to find the user.js file.... I tried adding to the prefs.js w/o success... Any direction?

Yes. Don't bother. You will probably never experience this problem, and even if you do, it doesn't do any damage. Just trust in the Web Police. There are many ways to cause denial of service attacks on browsers by coding infinite loops on the Web page, and it's pointless as an individual to try to defend against them.
trparky
Posts: 14
Joined: January 19th, 2005, 2:43 pm
Location: Cleveland, OH

Post by trparky »

Will this eventually get fixed?
Tom
Darkscribes, Home of Anime and SciFi Fanfiction and Original works of Fiction.
Nanobot
Posts: 578
Joined: April 28th, 2004, 7:25 pm
Location: California

Post by Nanobot »

Elfguy
Posts: 309
Joined: June 27th, 2005, 5:56 pm

Post by Elfguy »

So far what we know is:

- Even with some people claiming this can crash the browser, we have no direct evidence of that and no one has been able to show it can crash the browser. What it does is slow down how fast Firefox will start.

- There is no way to exploit this so it's not a 'security' vulnerability.

- There are several workarounds for this, the easiest one is to set the Sanitize function to clear history when Firefox exits.

The official Mozilla statement is at: http://www.mozilla.org/security/history-title.html
Jweb_Guru
Posts: 74
Joined: September 7th, 2005, 9:50 pm

Post by Jweb_Guru »

We also know that it's a mork bug, so there shouldn't be any "crash" unless you actually run out of memory. Nor is any buffer being overrun, at least not generally. Several patches are being considered; I suspect that we will end up fixing the bad mork file reading algorithm, as it might cause other issues in the future and it's a better general solution.

Anyway, the thread title is disingenuous, considering that it's not an exploit, not a buffer overflow, and doesn't just happen in Firefox 1.5. P'raps someone should change it?
VanillaMozilla
Posts: 13808
Joined: November 7th, 2005, 11:26 am

Post by VanillaMozilla »

Jweb_Guru wrote: ... there shouldn't be any "crash" unless you actually run out of memory.

Running out of memory should not cause crashes on a properly configured system. Good point about the title, though. Perhaps it should be changed to "Holy Roman Empire".
Jonathan Quince
Posts: 3
Joined: December 9th, 2005, 10:32 am
Location: Sopef.org

Post by Jonathan Quince »

Has anybody seen this (or a similar bug) trigger Data Execution Prevention (http://forums.mozillazine.org/viewtopic.php?p=1938221) on Windows XP SP2? I'll try the testcase, but my computing resources are a bit bogged down at the moment.
diilbert
Posts: 13
Joined: May 15th, 2005, 1:20 pm

Post by diilbert »

I really don't know what it is, but it crashed Firefox for me, and it will not start until I delete history.dat.
Peng
Posts: 778
Joined: November 9th, 2004, 2:31 pm
Location: Central Florida

Post by Peng »

Jweb_Guru wrote: We also know that it's a mork bug ...


It's not a bug, per se, it's just some inefficient code.
Hug Peng
(aka Matt Nordhoff)
Check out: Adblock Plus | FoxClocks | OpenBook
Jonathan Quince
Posts: 3
Joined: December 9th, 2005, 10:32 am
Location: Sopef.org

Post by Jonathan Quince »

Peng wrote:
Jweb_Guru wrote: We also know that it's a mork bug ...


It's not a bug, per se, it's just some inefficient code.
We all know that Mork is a "feature". ;-p
Peng
Posts: 778
Joined: November 9th, 2004, 2:31 pm
Location: Central Florida

Post by Peng »

Jonathan Quince wrote:
Peng wrote:
Jweb_Guru wrote: We also know that it's a mork bug ...


It's not a bug, per se, it's just some inefficient code.
We all know that Mork is a "feature". ;-p


Exactly. :D

No other software has such an innovative database design. (Because they all figured out something better 15 years ago.)
Hug Peng
(aka Matt Nordhoff)
Check out: Adblock Plus | FoxClocks | OpenBook
Nitin
Moderator
Posts: 3483
Joined: February 27th, 2003, 9:38 pm
Location: San Jose, CA

Post by Nitin »

It's not a buffer overflow.
It's not a DoS.

Security Advisory:
http://www.mozilla.org/security/history-title.html

A Firefox update is unlikely.
If you're not using Firefox, you're not surfing the web, you're suffering it.
Join the MZ folding@home team.
old Harry Waldron
Moderator
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Post by old Harry Waldron »

As Nitin shares, the official response from the Mozilla Foundation better documents this new flaw. It's more of a bug than a serious security risk. It's not in the wild, and only proof-of-concept code has been developed so far.

Mozilla Foundation Response
http://www.mozilla.org/security/history-title.html

The Internet Storm Center
http://isc.sans.org/diary.php?storyid=920

Secunia information - rates as a non-critical security risk
http://secunia.com/advisories/17934/

P.S. A more serious web-based security risk is the unpatched 911302 IE vulnerability, where 3 new JS-based worms just popped out of the woodwork.
non-linear
Posts: 167
Joined: March 29th, 2005, 8:14 pm

Post by non-linear »

Has anyone else had problems with this workaround? I had a problem that I was trying to pinpoint for a couple of weeks now, where I couldn't load articles from tv.com (the header loads, but the article beneath wouldn't). After many hours of fixing and trying things, I was able to figure out that this caused the problem. Removing the entry from the user.js file didn't work; the only way I was able to get it to work properly again was to create a new profile and leave it out.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Thunderbird version 1.5 (20051025)