MozillaZine

FireFox 1.5 Buffer overflow exploit

Discussion of bugs in Mozilla Firefox
name already taken

Posts: 3124
Joined: February 27th, 2004, 9:54 am
Location: Utah

Posted December 9th, 2005, 7:06 am

"It burns like hygiene!"

VanillaMozilla
 
Posts: 13808
Joined: November 7th, 2005, 11:26 am

Posted December 9th, 2005, 7:34 am

diilbert wrote: I am unable to find the user.js file.... I tried adding to the prefs.js w/o success... Any direction?

Yes. Don't bother. You will probably never experience this problem, and even if you do, it doesn't do any damage. Just trust in the Web Police. There are many ways to cause denial of service attacks on browsers by coding infinite loops on the Web page, and it's pointless as an individual to try to defend against them.

trparky
 
Posts: 14
Joined: January 19th, 2005, 2:43 pm
Location: Cleveland, OH

Posted December 9th, 2005, 8:09 am

Will this eventually get fixed?
Tom
Darkscribes, Home of Anime and SciFi Fanfiction and Original works of Fiction.

Nanobot

Posts: 578
Joined: April 28th, 2004, 7:25 pm
Location: California

Posted December 9th, 2005, 9:24 am


Elfguy
 
Posts: 309
Joined: June 27th, 2005, 5:56 pm

Posted December 9th, 2005, 11:12 am

So far what we know is:

- Even with some people claiming this can crash the browser, we have no direct evidence of that and no one has been able to show it can crash the browser. What it does is slow down how fast Firefox will start.

- There is no way to exploit this so it's not a 'security' vulnerability.

- There are several workarounds for this; the easiest one is to set the Sanitize function to clear history when Firefox exits.

The official Mozilla statement is at: http://www.mozilla.org/security/history-title.html

Jweb_Guru
 
Posts: 74
Joined: September 7th, 2005, 9:50 pm

Posted December 9th, 2005, 11:38 am

We also know that it's a mork bug, so there shouldn't be any "crash" unless you actually run out of memory. Nor is any buffer being overrun, at least not generally. Several patches are being considered; I suspect that we will end up fixing the bad mork file reading algorithm, as it might cause other issues in the future and it's a better general solution.

Anyway, the thread title is disingenuous, considering that it's not an exploit, not a buffer overflow, and doesn't just happen in Firefox 1.5. P'raps someone should change it?

VanillaMozilla
 
Posts: 13808
Joined: November 7th, 2005, 11:26 am

Posted December 9th, 2005, 11:57 am

Jweb_Guru wrote: ... there shouldn't be any "crash" unless you actually run out of memory.

Running out of memory should not cause crashes on a properly configured system. Good point about the title, though. Perhaps it should be changed to "Holy Roman Empire".

Jonathan Quince

Posts: 3
Joined: December 9th, 2005, 10:32 am
Location: Sopef.org

Posted December 9th, 2005, 12:22 pm

Has anybody seen this (or a similar bug) trigger Data Execution Prevention (http://forums.mozillazine.org/viewtopic.php?p=1938221) on Windows XP SP2? I'll try the testcase, but my computing resources are a bit bogged down at the moment.

diilbert
 
Posts: 13
Joined: May 15th, 2005, 1:20 pm

Posted December 9th, 2005, 12:49 pm

I really don't know why, but it crashed Firefox for me, and it will not start until I delete history.dat.

Peng

Posts: 778
Joined: November 9th, 2004, 2:31 pm
Location: Central Florida

Posted December 9th, 2005, 1:20 pm

Jweb_Guru wrote: We also know that it's a mork bug ...

It's not a bug, per se, it's just some inefficient code.
Hug Peng
(aka Matt Nordhoff)
Check out: Adblock Plus | FoxClocks | OpenBook

Jonathan Quince

Posts: 3
Joined: December 9th, 2005, 10:32 am
Location: Sopef.org

Posted December 9th, 2005, 1:26 pm

Peng wrote:
Jweb_Guru wrote: We also know that it's a mork bug ...

It's not a bug, per se, it's just some inefficient code.

We all know that Mork is a "feature". ;-p

Peng

Posts: 778
Joined: November 9th, 2004, 2:31 pm
Location: Central Florida

Posted December 9th, 2005, 1:54 pm

Jonathan Quince wrote:
Peng wrote:
Jweb_Guru wrote: We also know that it's a mork bug ...

It's not a bug, per se, it's just some inefficient code.

We all know that Mork is a "feature". ;-p

Exactly. :D

No other software has such an innovative database design. (Because they all figured out something better 15 years ago.)
Hug Peng
(aka Matt Nordhoff)
Check out: Adblock Plus | FoxClocks | OpenBook

Nitin
Moderator

Posts: 3483
Joined: February 27th, 2003, 9:38 pm
Location: San Jose, CA

Posted December 9th, 2005, 7:30 pm

It's not a buffer overflow.
It's not a DoS.

Security Advisory:
http://www.mozilla.org/security/history-title.html

A Firefox update is unlikely.
If you're not using Firefox, you're not surfing the web, you're suffering it.
Join the MZ folding@home team.

old Harry Waldron
Moderator
 
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Posted December 10th, 2005, 4:51 am

As Nitin shares, the official response from the Mozilla Foundation better documents this new flaw. It's more of a bug than a serious security risk. It's not in the wild, and only proof-of-concept code has been developed so far.

Mozilla Foundation Response
http://www.mozilla.org/security/history-title.html

The Internet Storm Center
http://isc.sans.org/diary.php?storyid=920

Secunia information - rates as a non-critical security risk
http://secunia.com/advisories/17934/

P.S. A more serious web-based security risk is the unpatched 911302 IE vulnerability, where 3 new JS-based worms just popped out of the woodwork.

non-linear

Posts: 167
Joined: March 29th, 2005, 8:14 pm

Posted December 21st, 2005, 7:00 am

Has anyone else had problems with this workaround? I had a problem that I was trying to pinpoint for a couple of weeks now, where I couldn't load articles from tv.com (the header loads, but the article beneath wouldn't). After many hours of fixing and trying things, I was able to figure out that this caused the problem. Removing the entry from the user.js file didn't work; the only way I was able to get it to work properly again was to create a new profile and leave it out.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Thunderbird version 1.5 (20051025)
