Free Republic

Unpatched Firefox 1.5 exploit made public
Cnet ^ | 12/08/2005 | Dawn Kawamoto

Posted on 12/08/2005 4:06:06 PM PST by zeugma

Exploit code for the latest version of open-source browser Firefox was published Wednesday, potentially putting users at risk of a denial-of-service attack.

The exploit code takes advantage of a bug in the recently released Firefox 1.5, running on Windows XP with Service Pack 2. Firefox, which initially debuted over a year ago, has moved swiftly to capture 8 percent of the browser market.

The latest Firefox flaw exists in the history.dat file, which stores information from Web sites users have visited with the Firefox 1.5 browser, according to a posting on the Internet Storm Center, which monitors online threats.

"If the topic of a page is crafted to be long enough, it will crash the browser each time it is started after going to such a page," according to the Internet Storm Center posting. "Once this happens, Firefox will be unable to be started until you erase the history.dat file manually."

In testing Firefox 1.5 without a system running McAfee security software, the Firefox 1.5 browser would stall and not respond to a user's mouse, said Johannes Ullrich, chief research officer for the Sans Institute, which runs the Internet Storm Center.

"Users have to kill out of the browser and start over again. This stalled browser creates a DOS (denial of service) condition," Ullrich said.

Packet Storm, the security group that initially published the proof-of-concept exploit code, noted that in addition to the potential denial-of-service attack that could follow a buffer overflow, systems may also be subject to a malicious execution of code.

Ullrich, however, said while the potential may exist, it has not been proven either way that malicious code could be executed.

Mozilla Foundation, which released Firefox, said it was not able to confirm the browser would crash or be at risk of a DOS attack, after visiting certain Web sites. And Mozilla has not received any reports from users of such a problem, said Mike Schroepfer, vice president of engineering for Mozilla Corp.

He added that Firefox 1.5 can be sluggish on its next start-up, due to a bug in the history.dat, but it is not a security problem.

"We have gotten no independent verification that it crashes (Firefox), but there have been a lot of attempts to try," Schroepfer said.  

Correction: This story incorrectly stated the affiliation of Mike Schroepfer, Mozilla's results in verifying the Firefox 1.5 flaw, and the nature of the problem. Schroepfer is vice president of engineering with Mozilla Corp., and Mozilla has not been able to verify its browser can crash and lead to a denial-of-service condition. The problem itself was not a security vulnerability but actually a flaw in the browser.


TOPICS: Business/Economy; Crime/Corruption; Miscellaneous; News/Current Events
KEYWORDS: browser; exploit; firefox; history
To: Golden Eagle

Haha! Your software purchases still fund the Dems. Can't get around that one. Amounts really don't matter...you're still helping those who oppose us, all while pointing the finger at virtually everyone else.

You know, I donate to Republican causes, but don't water it down by giving cash to the Dems with the other hand. Apparently, you support that two-faced kind of behavior, even hold it up as the ideal. That's why you're working so hard now to defend it. And, that's why I don't give my money to software companies that do it. Too bad for you that you can't say the same.


141 posted on 12/15/2005 6:52:37 PM PST by FLAMING DEATH (And now, for something completely different: www.donaldlancow.com)
[ Post Reply | Private Reply | To 137 | View Replies]

To: Tarpon
I just put a freeper folder on the desktop. When I want to follow a thread, I just drag the bookmark off the url address display and drop it in the folder. I don't like any old stuff hanging in Firefox, or any browser's memory. Firefox makes it convenient because you can set the params to delete on exit.

I am using Portable Firefox. It's on my jump drive which precludes me from dropping the URLs into a folder since I am using it at work on the company's computer. They let us browse the web but won't let us install Firefox. We have to use IE. Firefox is so much more versatile and user friendly I don't understand why everyone doesn't use it.

142 posted on 12/15/2005 6:56:48 PM PST by raybbr
[ Post Reply | Private Reply | To 83 | View Replies]

To: Golden Eagle

Haha! You crack me up...trying now to turn the discussion to my socioeconomic status rather than defend your hypocrisy!

Keep digging that hole, Buzzy!


143 posted on 12/15/2005 6:56:57 PM PST by FLAMING DEATH (And now, for something completely different: www.donaldlancow.com)
[ Post Reply | Private Reply | To 140 | View Replies]

To: FLAMING DEATH

Hey it's better than outright supporting free software for communist governments. There's just no way in hell you can defend yourself on that, especially when you're so fanatical about it. One of the ten most important things in your life? Did you really post that?


144 posted on 12/15/2005 7:11:38 PM PST by Golden Eagle
[ Post Reply | Private Reply | To 141 | View Replies]

To: Golden Eagle

Fanatical? Now you're making up stuff out of thin air. Have to do that instead of facing the fact that you support the Dems and the Commies and the Planned Parenthood crowd with your own money. And I don't. I'd be looking for something else to talk about too if I were you.

I know the truth hurts, but you'll have to face it sooner or later. See ya tomorrow, Buzzy!


145 posted on 12/15/2005 7:18:37 PM PST by FLAMING DEATH (And now, for something completely different: www.donaldlancow.com)
[ Post Reply | Private Reply | To 144 | View Replies]

To: FLAMING DEATH

Don't forget to read the GNU Manifesto before you go to bed, like normal.


146 posted on 12/15/2005 7:23:33 PM PST by Golden Eagle
[ Post Reply | Private Reply | To 145 | View Replies]

To: Golden Eagle

LOL, you can't even read, you poor thing...my profile page lists "stuff I like, no matter what you think". It's not a top 10, it's just 10 things. Of course, now that you're grasping at straws, you'll look for anything. Poor baby.

Except #1. That one is my favorite.


147 posted on 12/15/2005 7:23:43 PM PST by FLAMING DEATH (And now, for something completely different: www.donaldlancow.com)
[ Post Reply | Private Reply | To 144 | View Replies]

To: Golden Eagle

I'll sleep well, knowing I didn't help the Dems in the last election!

Night, Buzzy!


148 posted on 12/15/2005 7:25:47 PM PST by FLAMING DEATH (And now, for something completely different: www.donaldlancow.com)
[ Post Reply | Private Reply | To 146 | View Replies]

To: FLAMING DEATH
Sweet Dreams, Comrade.


149 posted on 12/15/2005 7:37:41 PM PST by Golden Eagle
[ Post Reply | Private Reply | To 148 | View Replies]

To: Golden Eagle

It's a crying shame that this has become the crux of your argument, but I guess that was inevitable.


150 posted on 12/16/2005 4:51:13 AM PST by FLAMING DEATH (And now, for something completely different: www.donaldlancow.com)
[ Post Reply | Private Reply | To 149 | View Replies]

To: raybbr
I am using Portable Firefox. It's on my jump drive which precludes me from dropping the URLs into a folder since I am using it at work on the company's computer.

Well just put the folder on the usb drive ... :-) I use folders for temporary bookmarks on threads and comments more and more. Doesn't clutter up the browser's bookmarks. I also find the history file not 'fine grained' enough to track back to posts I did.

These usb drives, all sorts -- flash or hard drives, are real handy gadgets. I am using them more and more. When coupled with small appliance servers, like the Linksys NSLU2 they really are handy.

151 posted on 12/16/2005 4:51:21 AM PST by Tarpon
[ Post Reply | Private Reply | To 142 | View Replies]

To: FLAMING DEATH
Well since you can't seem to mutter any response to the links I keep posting, I thought maybe you might understand some pictures.


152 posted on 12/16/2005 5:06:20 AM PST by Golden Eagle
[ Post Reply | Private Reply | To 150 | View Replies]

To: tubebender

User


153 posted on 12/16/2005 5:27:33 AM PST by Vinnie
[ Post Reply | Private Reply | To 8 | View Replies]

To: Golden Eagle

Weak.


154 posted on 12/16/2005 6:44:33 AM PST by FLAMING DEATH (And now, for something completely different: www.donaldlancow.com)
[ Post Reply | Private Reply | To 152 | View Replies]

To: FLAMING DEATH

But on your level.


155 posted on 12/16/2005 9:45:03 AM PST by Golden Eagle
[ Post Reply | Private Reply | To 154 | View Replies]

To: tubebender

Hardly use IE anymore since FFox1.0 and now 1.5.


156 posted on 02/23/2006 9:47:43 PM PST by Westlander (Unleash the Neutron Bomb)
[ Post Reply | Private Reply | To 8 | View Replies]

To: zeugma
It's NOT an issue. It happens only on a system where you are not running a firewall or anti-virus software. If you have complete protection, Firefox is a great little browser.

(Denny Crane: "I Don't Want To Socialize With A Pinko Liberal Democrat Commie. Say What You Like About Republicans. We Stick To Our Convictions. Even When We Know We're Dead Wrong.")

157 posted on 02/23/2006 9:50:50 PM PST by goldstategop (In Memory Of A Dearly Beloved Friend Who Lives On In My Heart Forever)
[ Post Reply | Private Reply | To 1 | View Replies]

To: goldstategop

Ya. Firefox rocks. It's what I use 99% of the time. This is an old issue anyway.


158 posted on 02/24/2006 8:03:06 AM PST by zeugma (This post made with the 'Xinha Here!' Firefox plugin.)
[ Post Reply | Private Reply | To 157 | View Replies]

