MozillaZine

FireFox 1.5 Buffer overflow exploit

marcelo-ar

Posts: 13
Joined: February 9th, 2004, 8:12 pm
Location: Bs.As. , Argentina

Post Posted December 24th, 2005, 10:58 am

non-linear wrote: Has anyone else had problems with this workaround? I had a problem that I was trying to pinpoint for a couple weeks now, where I couldn't load articles from tv.com (the header loads, but the article beneath wouldn't). After many hours of fixing and trying things, I was able to figure out that this caused the problem. Removing the entry from the user.js file didn't work; the only way I was able to get it to work properly again was to create a new profile and leave it out.

Yes, I had a little problem with Gmail because of this preference.
I also read in K-Meleon forums that problems with Google Maps were reported.

Removing this user.js file will not work, because this preference setting is now stored in the prefs.js file.
To restore this preference to default, just edit or create a new user.js with this line:
user_pref("capability.policy.default.HTMLDocument.title.set", "allAccess");

Alice

Posts: 2629
Joined: April 23rd, 2003, 11:47 am

Post Posted January 11th, 2006, 8:50 am

For the record,
https://bugzilla.mozilla.org/show_bug.cgi?id=319004
overlong document.title setting can corrupt history data, causing non-responsive temporary hang (crash?) on subsequent startups
------- Comment #71 From Jay Patel 2006-01-10 15:50 PST [reply] -------

v.fixed on 1.8.0.1 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.0.1) Gecko/20060109 Firefox/1.5.0.1, no hang/crash on restart using
buffer overflow testcase.


Related thread:
http://forums.mozillazine.org/viewtopic.php?t=365907
History.dat grows -HUGE- upon crash
Alice Wyman

equiZZZ
 
Posts: 7
Joined: January 13th, 2006, 3:23 am

Post Posted January 13th, 2006, 3:48 am

VIPerous wrote:
Elfguy wrote:It's on digg now http://digg.com/security/Kill_Firefox_1 ... te_exploit which means everyone knows.

And here is one of the comments from Digg:

"The script causes a very large (~10MB) string to be written to history.dat (That's just a text file, you can open it in Notepad and take a look). "


Open a 10MB file in notepad???? Nah!

scratch

Posts: 4942
Joined: November 6th, 2002, 1:27 am
Location: Massachusetts

Post Posted January 24th, 2006, 4:14 pm

marcelo-ar wrote:
non-linear wrote: Has anyone else had problems with this workaround? I had a problem that I was trying to pinpoint for a couple weeks now, where I couldn't load articles from tv.com (the header loads, but the article beneath wouldn't). After many hours of fixing and trying things, I was able to figure out that this caused the problem. Removing the entry from the user.js file didn't work; the only way I was able to get it to work properly again was to create a new profile and leave it out.

Yes, I had a little problem with Gmail because of this preference.
I also read in K-Meleon forums that problems with Google Maps were reported.

Removing this user.js file will not work, because this preference setting is now stored in the prefs.js file.
To restore this preference to default, just edit or create a new user.js with this line:
user_pref("capability.policy.default.HTMLDocument.title.set", "allAccess");


yeah, that pref totally kills both gmail and google maps. just figured that one out the hard way.
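
Added example, not part of the thread or of Mozilla's code: a small profile audit that shows why deleting the line from user.js is not enough (the value lingers in prefs.js) and confirms that the user.js line quoted above restores the default. The function names are hypothetical, and the sample profile and its "noAccess" value are constructed for the demonstration.

```python
import re, tempfile
from pathlib import Path

PREF = "capability.policy.default.HTMLDocument.title.set"
DEFAULT = "allAccess"  # default value, per the post quoted above
# Matches one string-valued line: user_pref("name", "value");
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*"([^"]*)"\s*\)\s*;')

def read_pref(path, name=PREF):
    """Return the last value a prefs file sets for `name`, or None."""
    path = Path(path)
    if not path.is_file():
        return None
    value = None
    for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) == name:
            value = m.group(2)  # later lines win
    return value

def audit_profile(profile_dir):
    """Say which file carries the override and whether it is still active."""
    profile = Path(profile_dir)
    in_user = read_pref(profile / "user.js")
    in_prefs = read_pref(profile / "prefs.js")
    # user.js is applied at every startup, so it wins over prefs.js.
    effective = in_user if in_user is not None else in_prefs
    if effective in (None, DEFAULT):
        status = "default"
    elif in_user is None:
        status = "stale copy in prefs.js"  # entry removed from user.js only
    else:
        status = "set in user.js"
    return {"user.js": in_user, "prefs.js": in_prefs, "status": status}

def demo():
    """Constructed profile: workaround deleted from user.js, copy left in prefs.js."""
    with tempfile.TemporaryDirectory() as d:
        # "noAccess" is an assumed workaround value; the thread does not quote it.
        Path(d, "prefs.js").write_text(f'user_pref("{PREF}", "noAccess");\n', encoding="utf-8")
        before = audit_profile(d)
        # The fix from the post: a user.js line that sets the default again.
        Path(d, "user.js").write_text(f'user_pref("{PREF}", "{DEFAULT}");\n', encoding="utf-8")
        after = audit_profile(d)
    return before, after

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Point `audit_profile()` at a real profile directory while the browser is closed to see which of the two files still carries the workaround.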
