Unpatched Firefox 1.5 exploit made public

Cnet ^ | 12/08/2005 | Dawn Kawamoto

[zeugma]

If you're using Firefox, turn off your history to keep evil sites from being able to crash your browser.

The actual likelihood of running into one of these unless you regularly browse through the shady side of the net, but it's always bettyer to be safe than sorry. Note: that this particular defect does not propagate. That is, it is not a virus or worm. Some nasty person can make your browser crash, which can be fairly traumatic I'll admit after your browser has been up for a week or so with 30 tabs - but still.

[FEARED MUTATION]

the shady side of the net

Does that include porn sites?

[Terpfen]

If you're using Firefox, turn off your history to keep evil sites from being able to crash your browser.

Proof of concept code does not equal an exploit in the wild.

You know, it's really nice of these security companies to wait until the final release before announcing these things. Mozilla puts out nightly builds, betas, and release candidates for a reason.

[don-o]

If you're using Firefox, turn off your history to keep evil sites from being able to crash your browser.

Is it turned off, if nothing drops down when you click on the address bar?

[dynachrome]

"Does that include porn sites?" Why, no, of course not. Go right ahead.:)

[ThinkDifferent]

The sample exploit doesn't crash Firefox on my system with OS X 10.4.2. It does seem to make Firefox take a long time to quit and launch though.

[raybbr]

Do you have any tips on running firefox from a removable drive? I haven't tried it yet but people here at work say they run it from their jump drives.

[tubebender]

How many users of Firefox 1.5 are out there?

[M_i_G]

Count one here. :)

[Malesherbes]

I'm one and I appreciate the posts about Firefox that appear on FR from time to time.

[zeugma]

Does that include porn sites?

Only in a technically true sense.

[MilspecRob]

Thats me, and I really like it.

[Ole Okie]

One here also.

[zeugma]

Do you have any tips on running firefox from a removable drive? I haven't tried it yet but people here at work say they run it from their jump drives.

No. I haven't tried that either, but I've seriously considered checking out how well it works. Personally, I prefer Knoppix for that kind of thing. It doesn't work if you want to save bookmarks and cookies though.

[zeugma]

Is it turned off, if nothing drops down when you click on the address bar?

No. That's actually two different things, I believe. I could be wrong though. I'll have to check it out. Does anyone else know?

[ThinkDifferent]

Update: Slashdot posters are reporting similar behavior. The exploit doesn't crash Firefox, but it can make it take a long time to read the history file and thus appear to have hung. It's unlikely that this is an actual security threat, although it could be annoying.

[zeugma]

I'm not sure how many users there are. When version 1.5 was released, there were a million downloads during the first 24 hours, so apparently, there are a few of us out here. That doesn't count people like me who download one copy and load onto 4 computers here at home, and about 10 at work.

[Golden Eagle]

I prefer Knoppix for that kind of thing.

Is that from Germany, or where? Don't you have to burn a new CD every time there's a security patch? Such as if your firefox on your bootable knoppix needed this patch, you'd have to make a whole new cd wouldn't you?

[zeugma]

Update: Slashdot posters are reporting similar behavior. The exploit doesn't crash Firefox, but it can make it take a long time to read the history file and thus appear to have hung. It's unlikely that this is an actual security threat, although it could be annoying.

Good to know. I would imagine in that case, that a quick fix if you got bitten by this would be to simply clear your history.

I figure it's better safe than sorry with this type of thing. Better to post, then clarify as more information is forthcoming.

[steveo]

me three