Free Republic

Unpatched Firefox 1.5 exploit made public
Cnet ^ | 12/08/2005 | Dawn Kawamoto

Posted on 12/08/2005 4:06:06 PM PST by zeugma

Exploit code for the latest version of open-source browser Firefox was published Wednesday, potentially putting users at risk of a denial-of-service attack.

The exploit code takes advantage of a bug in the recently released Firefox 1.5, running on Windows XP with Service Pack 2. Firefox, which initially debuted over a year ago, has moved swiftly to capture 8 percent of the browser market.

The latest Firefox flaw exists in the history.dat file, which stores information from Web sites users have visited with the Firefox 1.5 browser, according to a posting on the Internet Storm Center, which monitors online threats.

"If the topic of a page is crafted to be long enough, it will crash the browser each time it is started after going to such a page," according to the Internet Storm Center posting. "Once this happens, Firefox will be unable to be started until you erase the history.dat file manually."

In testing Firefox 1.5 without a system running McAfee security software, the Firefox 1.5 browser would stall and not respond to a user's mouse, said Johannes Ullrich, chief research officer for the Sans Institute, which runs the Internet Storm Center.

"Users have to kill out of the browser and start over again. This stalled browser creates a DOS (denial of service) condition," Ullrich said.

Packet Storm, the security group that initially published the proof-of-concept exploit code, noted that in addition to the potential denial-of-service attack that could follow a buffer overflow, systems may also be subject to a malicious execution of code.

Ullrich, however, said while the potential may exist, it has not been proven either way that malicious code could be executed.

Mozilla Foundation, which released Firefox, said it was not able to confirm the browser would crash or be at risk of a DOS attack, after visiting certain Web sites. And Mozilla has not received any reports from users of such a problem, said Mike Schroepfer, vice president of engineering for Mozilla Corp.

He added that Firefox 1.5 can be sluggish on its next start-up, due to a bug in the history.dat, but it is not a security problem.

"We have gotten no independent verification that it crashes (Firefox), but there have been a lot of attempts to try," Schroepfer said.  

Correction: This story incorrectly stated the affiliation of Mike Schroepfer, Mozilla's results in verifying the Firefox 1.5 flaw, and the nature of the problem. Schroepfer is vice president of engineering with Mozilla Corp., and Mozilla has not been able to verify its browser can crash and lead to a denial-of-service condition. The problem itself was not a security vulnerability but actually a flaw in the browser.


TOPICS: Business/Economy; Crime/Corruption; Miscellaneous; News/Current Events
KEYWORDS: browser; exploit; firefox; history
To: FLAMING DEATH

*lol*


101 posted on 12/14/2005 7:13:34 PM PST by Petronski (I love Cyborg!)
[ Post Reply | Private Reply | To 100 | View Replies]

To: Golden Eagle

"Don't try to weasel out now that you've finally realized how bad you've been smoked mr flamer."

hahahahahaha! Yeah, Mr. ChiCom Supporter. Whatever.

"You're the one running around trying to cover up the fact that China and other potentially adversarial states are getting free software from the US."

No I'm not. Never denied that once. Just denied that they were getting any software dollars from ME. I know you wish you could do the same.

"Don't deny that you haven't, you've clung to some little faq sheet like it was your long lost blanket when it attempts to claim China and others do not get said software for free."

The lies really start snowballing when you're angry, GE. Show me where I said, "China doesn't get software for free." You know you can't. Ha ha!

"Any attempts by you NOW at blaming those that buy US products as well as call for stricter intellectual property laws is misguided and/or hypocritical."

What's hypocritical is you slamming me about China when, between the two of us, you're the only one sending them money to fund their software technology.

"Now go back to reading the GNU Manifesto over on your buddy Stallman's site so you'll at least know what it is you've been blindly supporting."

Wahhhhh! Your desperation is showing, crybaby.


102 posted on 12/14/2005 7:23:26 PM PST by FLAMING DEATH (And now, for something completely different: www.donaldlancow.com)
[ Post Reply | Private Reply | To 99 | View Replies]

To: FLAMING DEATH
Charge of the Literally Hundreds of RedHat Kernel Developers

LOL, great post... But I thought Red Hat Developers were the Light Brigade..

103 posted on 12/14/2005 7:36:59 PM PST by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)
[ Post Reply | Private Reply | To 100 | View Replies]

To: FLAMING DEATH
Pointing the finger at me doesn't help you. You have been running around ever since your first post quoting some faq off that commie Richard Stallman's website from the beginning, and are apparently just another one of his blind worshipers. Go study the GNU Manifesto some more, I'm sure you know exactly where it is. If you don't, here's where you can find it.

http://www.gnu.org/gnu/manifesto.html

It talks about ruining the US software industry, and making all software free, something that is apparently very important to you as well. You can forget the insults and juvenile vaudeville pal from here on pal, you've been pegged from the beginning.
104 posted on 12/14/2005 8:18:47 PM PST by Golden Eagle
[ Post Reply | Private Reply | To 102 | View Replies]

To: Golden Eagle

"Pointing the finger at me doesn't help you."

It doesn't need to. I'm not funding the ChiComs. Don't need any help to keep my money from ending up as their technology. YOU are the one who needs help reconciling your own positions with one another.

"You have been running around ever since your first post quoting some faq off that commie Richard Stallman's website from the beginning, and are apparently just another one of his blind worshipers."

Never made a comment about Stallman. Just posted what he said about his own license. I think he'd know better than you.

"Go study the GNU Manifesto some more, I'm sure you know exactly where it is. If you don't, here's where you can find it."

Yeah, you posted that before. The CD is skipping again, eh? Ranting about Stallman doesn't explain how you supposedly got moral superiority when you funded the ChiComs and I didn't.

"It talks about ruining the US software industry, and making all software free, something that is apparently very important to you as well."

Maybe it should be to you as well. That way, you could get software without funding commies. BTW, "Stallman is a commie" is not a very good defense of giving your money to commies...it's kind of ironic, in fact.

"You can forget the insults and juvenile vaudeville pal from here on pal, you've been pegged from the beginning."

That sentence made no sense. What the hell is a "vaudeville pal"? I'd really feel sorry for you if you weren't an ass.


105 posted on 12/14/2005 8:40:20 PM PST by FLAMING DEATH (And now, for something completely different: www.donaldlancow.com)
[ Post Reply | Private Reply | To 104 | View Replies]

To: FLAMING DEATH
Don't forget to pray for all your little penguin friends before you go to sleep tonight.


106 posted on 12/14/2005 8:52:19 PM PST by Golden Eagle
[ Post Reply | Private Reply | To 105 | View Replies]

To: Golden Eagle
Ooooh, pretty pictures.

Well, that convinces me. What a stunning argument.

I'm now totally sold on the idea that it's much, much worse to give your product away to everyone than it is to sell your product and use the proceeds to fund forced abortions, forced sterilizations and then turn around and give your product away for free to just Communists.

This has been a special presentation of the GE Twilight Zone. We now return you to his regularly scheduled trolling.

107 posted on 12/14/2005 10:31:18 PM PST by Knitebane (Happily Microsoft free since 1999.)
[ Post Reply | Private Reply | To 106 | View Replies]

To: Knitebane

HAHAHA, you boys keep wanting to blame Microsoft for giving software away to the world for free, but everybody knows it's a hypocritical lie since it's only your free software they get for free. That's why they call it "free software", and exactly why you love it.

As for your smears against the Gates foundation, none of their philanthropic contributions to world health are allowed to be used for abortions.

http://www.newhousenews.com/archive/story1b011701.html

What a miserable life you must lead, begging for handouts, criticising the successful, and lying in every post.


108 posted on 12/15/2005 5:29:32 AM PST by Golden Eagle
[ Post Reply | Private Reply | To 107 | View Replies]

To: Golden Eagle
As for your smears against the Gates foundation, none of their philanthropic contributions to world health are allowed to be used for abortions.

And of course we all realize that PP would never move money originally allocated for the things Gates is funding over to their abortion endeavors since Gates has now funded the other activities.

Right?

109 posted on 12/15/2005 6:11:54 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 108 | View Replies]

To: All
It is worth pointing people to the NoScript extension -- It's a Firefox extension that applies a default-deny policy to JavaScript, so that scripts will only run from servers that you explicitly allow. JavaScript is becoming the new 'ActiveX exploit' and is the source of those popups that get past the usual blockers, like on Drudge.
110 posted on 12/15/2005 6:30:04 AM PST by Tarpon
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Well we know Gates' people claim there are stipulations in their donations that specifically prohibit them being used for such purposes. And since the Gates Foundation is the preeminent donor to world health issues, according to that article even exceeding the US government at times, I'd say it's obviously incumbent on those attempting smears to offer some bonafide proof they're not the ones lying.


111 posted on 12/15/2005 7:46:10 AM PST by Golden Eagle
[ Post Reply | Private Reply | To 109 | View Replies]

To: Golden Eagle
Well we know Gates' people claim there are stipulations in their donations that specifically prohibit them being used for such purposes.

Yes--just as Missouri (at least) put regulations on gambling income to go to schools. Wanna know what happened?

Missouri's normal tax revenues that went to schools are now being diverted to other pork barrel projects because the gambling money is covering the schools. So rather than improving schools as was originally advertised and promised, we have the same amount of money (or a little less) going to schools while taxes get pushed to other projects.

That's exactly what's going on with Planned Parenthood. While Gates funds "respectable" activities PP is performing, it allows PP to free up a ton of money to go towards abortions and the abetting of rapes of minors.

112 posted on 12/15/2005 8:00:44 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 111 | View Replies]

To: ShadowAce
Shadow we can take that a step further....

If I give planned parenthood 1000$ and they use that money for say.... The gas bill that is 1000$ now free for Abortions they would have otherwise spent on the Gas bill... I have been through this with him but as you once told me 'you're wasting your breath'..

113 posted on 12/15/2005 8:13:33 AM PST by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)
[ Post Reply | Private Reply | To 109 | View Replies]

To: N3WBI3
I have been through this with him but as you once told me 'you're wasting your breath'..

I know. But I happen to be in a fairly generous mood this morning. I'll continue to respond for a little while, at least. That way it'll be on the record for later reference. :)

114 posted on 12/15/2005 8:17:02 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 113 | View Replies]

To: ShadowAce

Missouri has nothing to do with this. If you have proof, bring it forward. So far no one has any.


115 posted on 12/15/2005 8:46:15 AM PST by Golden Eagle
[ Post Reply | Private Reply | To 114 | View Replies]

To: Golden Eagle

"HAHAHA, you boys keep wanting to blame Microsoft for giving software away to the world for free, but everybody knows it's a hypocritical lie since it's only your free software they get for free."

Yeah. Free means that, unlike you, we don't have to fund the Commies to use it.

"As for your smears against the Gates foundation, none of their philanthropic contributions to world health are allowed to be used for abortions."

Doesn't matter. I didn't give any money to anyone to be used for anything. You do.

"What a miserable life you must lead, begging for handouts, criticising the successful, and lying in every post."

This isn't a lie: Buzzy the Wonder Turkey funds the Commies when he gets new software. Flaming Death doesn't. You still haven't dealt with that one yet.


116 posted on 12/15/2005 8:48:47 AM PST by FLAMING DEATH (And now, for something completely different: www.donaldlancow.com)
[ Post Reply | Private Reply | To 108 | View Replies]

To: Golden Eagle

So, your software dollars go to Planned Parenthood AND the ChiComs?

Wow. So, why don't you just go over to DU and start you up a nice little membership there?

And don't try to weasel out of it by trying to defend what Planned Parenthood does with the money, because that's a load of hogwash. They have lobbyists they send to Capitol Hill to get the laws changed. Any money you give them hurts conservative causes.

And your software dollars are helping to make that possible.


117 posted on 12/15/2005 10:37:27 AM PST by FLAMING DEATH (And now, for something completely different: www.donaldlancow.com)
[ Post Reply | Private Reply | To 108 | View Replies]

To: FLAMING DEATH

Don't point fingers at me pal. You are the one supporting liberal/DNC/DU causes just as I showed in post #52. Just because you can't get away with your lies with me around is your problem.


118 posted on 12/15/2005 11:24:13 AM PST by Golden Eagle
[ Post Reply | Private Reply | To 117 | View Replies]

To: Golden Eagle
"Don't point fingers at me pal. You are the one supporting liberal/DNC/DU causes just as I showed in post #52. Just because you can't get away with your lies with me around is your problem."

Say what you will...they don't get my money. I don't help them out one bit with my software choices.

You do.

119 posted on 12/15/2005 11:47:52 AM PST by FLAMING DEATH (And now, for something completely different: www.donaldlancow.com)
[ Post Reply | Private Reply | To 118 | View Replies]

To: Golden Eagle
As for your smears against the Gates foundation, none of their philanthropic contributions to world health are allowed to be used for abortions.

Money is fungible.

120 posted on 12/15/2005 11:50:30 AM PST by Petronski (I love Cyborg!)
[ Post Reply | Private Reply | To 108 | View Replies]

