Posted on 12/08/2005 4:06:06 PM PST by zeugma
Exploit code for the latest version of open-source browser Firefox was published Wednesday, potentially putting users at risk of a denial-of-service attack.
The exploit code takes advantage of a bug in the recently released Firefox 1.5, running on Windows XP with Service Pack 2. Firefox, which initially debuted over a year ago, has moved swiftly to capture 8 percent of the browser market.
The latest Firefox flaw exists in the history.dat file, which stores information from Web sites users have visited with the Firefox 1.5 browser, according to a posting on the Internet Storm Center, which monitors online threats.
"If the topic of a page is crafted to be long enough, it will crash the browser each time it is started after going to such a page," according to the Internet Storm Center posting. "Once this happens, Firefox will be unable to be started until you erase the history.dat file manually."
In testing Firefox 1.5 without a system running McAfee security software, the Firefox 1.5 browser would stall and not respond to a user's mouse, said Johannes Ullrich, chief research officer for the Sans Institute, which runs the Internet Storm Center.
"Users have to kill out of the browser and start over again. This stalled browser creates a DOS (denial of service) condition," Ullrich said.
Packet Storm, the security group that initially published the proof-of-concept exploit code, noted that in addition to the potential denial-of-service attack that could follow a buffer overflow, systems may also be subject to a malicious execution of code.
Ullrich, however, said while the potential may exist, it has not been proven either way that malicious code could be executed.
Mozilla Foundation, which released Firefox, said it was not able to confirm the browser would crash or be at risk of a DOS attack, after visiting certain Web sites. And Mozilla has not received any reports from users of such a problem, said Mike Schroepfer, vice president of engineering for Mozilla Corp.
He added that Firefox 1.5 can be slugglish on its next start-up, due to a bug in the history.dat, but it is not a security problem.
"We have gotten no independent verification that it crashes (Firefox), but there have been a lot of attempts to try," Schroepfer said.
*lol*
"Don't try to weasel out now that you've finally realized how bad you've been smoked mr flamer."
hahahahahaha! Yeah, Mr. ChiCom Supporter. Whatever.
"You're the one running around trying to cover up the fact that China and other potentially advesarial states are getting free software from the US."
No I'm not. Never denied that once. Just denied that they were getting any software dollars from ME. I know you wish you could do the same.
"Don't deny that you haven't, you've clung to some little faq sheet like it was your long lost blanket when it attempts to claim China and others do not get said software for free."
The lies really start snowballing when you're angry, GE. Show me where I said, "China doesn't get software for free." You know you can't. Ha ha!
"Any attempts by you NOW at blaming those that buy US products as well as call for stricter intellectual property laws is misguuded and/or hypocritical."
What's hypocritical is you slamming me about China when, between the two of us, you're the only one sending them money to fund their software technology.
"Now go back to reading the GNU Manifesto over on your buddy Stallman's site so you'll at least know what it is you've been blindly supporting."
Wahhhhh! Your desperation is showing, crybaby.
LOL, great post... But I thought Red Hat Developers were the Light Brigade..
"Pointing the finger at me doesn't help you."
It doesn't need to. I'm not funding the ChiComs. Don't need any help to keep my money from ending up as their technology. YOU are the one who needs help reconciling your own positions with one another.
"You have been running around ever since your first post quoting some faq off that commie Richard Stallman's website from the beginning, and are apparently just another one of his blind worshipers."
Never made a comment about Stallman. Just posted what he said about his own license. I think he'd know better than you.
"Go study the GNU Manifesto some more, I'm sure you know exactly where it is. If you don't, here's where you can find it."
Yeah, you posted that before. The CD is skipping again, eh? Ranting about Stallman doesn't explain how you supposedly got moral superiority when you funded the ChiComs and I didn't.
"It talks about ruining the US software industry, and making all software free, something that is apparently very important to you as well."
Maybe it should be to you as well. That way, you could get software without funding commies. BTW, "Stallman is a commie" is not a very good defense of giving your money to commies...it's kind of ironic, in fact.
"You can forget the insults and juvenile vaudeville pal from here on pal, you've been pegged from the beginning."
That sentence made no sense. What the hell is a "vaudeville pal"? I'd really feel sorry for you if you weren't an ass.
Well, that convinces me. What a stunning argument.
I'm now totally sold on the idea that it's much, much worse to give your product away to everyone than it is to sell your product and use the proceeds to fund forced abortions, forced sterilizations and then turn around and give your product away for free to just Communists.
This has been a special presentation of the GE Twilight Zone. We now return you to his regularly scheduled trolling.
HAHAHA, you boys keep wanting to blame Microsoft for giving software away to the world for free, but everybody knows it's a hypocritical lie since it's only your free software they get for free. That's why they call it "free software", and exactly why you love it.
As for your smears against the Gates foundation, none of their philantropic contributions to world health are allowed to be used for abortions.
http://www.newhousenews.com/archive/story1b011701.html
What a miserable life you must lead, begging for handouts, criticising the successful, and lying in every post.
And of course we all realize that PP would never move money originally allocated for the things Gates is funding over to their abortion endeavors since Gates has now funded the other activities.
Right?
Well we know Gates' people claim there are stipulations in their donations that specifically prohibit them being used for such purposes. And since the Gates Foundation is the preeminent donor to world health issues, according to that article even exceeding the US government at times, I'd say it's obviously incumbent on those attempting smears to offer some bonafide proof they're not the ones lying.
Yes--just as Missouri (at least) put regulations on gambling income to go to schools. Wanna know what happened?
Missouri's normal tax revenues that went to schools are now being diverted to other pork barrel projects because the gambling money is covering the schools. So rather than improvng schools as was originally advertised and promised, we have the same amount of money (or a little less) going to schools while taxes get pushed to other projects.
That's exactly what's going on with Planned Parenthood. While Gates funds "respectable" activities PP is performing, it allows PP to free up a ton of money to go towards abortions and the abetting of rapes of minors.
If I give planned parenthood 1000$ and they use that money for say.... The gas bill that is 1000$ now free for Abortions they would to have otherwise spent on the Gas bill... I have been through this with him but as you once told me 'you're wasting your breath'..
I know. But I happen to be in a fairly generous mood this morning. I'll continue to respond for a little while, at least. That way it'll be on the record for later reference. :)
Missouri has nothing to do with this. If you have proof, bring it forward. So far no one has any.
"HAHAHA, you boys keep wanting to blame Microsoft for giving software away to the world for free, but everybody knows it's a hypocritical lie since it's only your free software they get for free."
Yeah. Free means that, unlike you, we don't have to fund the Commies to use it.
"As for your smears against the Gates foundation, none of their philantropic contributions to world health are allowed to be used for abortions."
Doesn't matter. I didn't give any money to anyone to be used for anything. You do.
"What a miserable life you must lead, begging for handouts, criticising the successful, and lying in every post."
This isn't a lie: Buzzy the Wonder Turkey funds the Commies when he gets new software. Flaming Death doesn't. You still haven't dealt with that one yet.
So, your software dollars go to Planned Parenthood AND the ChiComs?
Wow. So, why don't you just go over to DU and start you up a nice little membership there?
And don't try to weasel out of it by trying to defend what Planned Parenthood does with the money, because that's a load of hogwash. They have lobbyists they send to Capitol Hill to get the laws changed. Any money you give them hurts conservative causes.
And your software dollars are helping to make that possible.
Don't point fingers at me pal. You are the one supporting liberal/DNC/DU causes just as I showed in post #52. Just because you can't get away with your lies with me around is your problem.
Say what you will...they don't get my money. I don't help them out one bit with my software choices.
Money is fungible.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.