Posted on 12/08/2005 4:06:06 PM PST by zeugma
Exploit code for the latest version of open-source browser Firefox was published Wednesday, potentially putting users at risk of a denial-of-service attack.
The exploit code takes advantage of a bug in the recently released Firefox 1.5, running on Windows XP with Service Pack 2. Firefox, which initially debuted over a year ago, has moved swiftly to capture 8 percent of the browser market.
The latest Firefox flaw exists in the history.dat file, which stores information from Web sites users have visited with the Firefox 1.5 browser, according to a posting on the Internet Storm Center, which monitors online threats.
"If the topic of a page is crafted to be long enough, it will crash the browser each time it is started after going to such a page," according to the Internet Storm Center posting. "Once this happens, Firefox will be unable to be started until you erase the history.dat file manually."
In testing Firefox 1.5 without a system running McAfee security software, the Firefox 1.5 browser would stall and not respond to a user's mouse, said Johannes Ullrich, chief research officer for the Sans Institute, which runs the Internet Storm Center.
"Users have to kill out of the browser and start over again. This stalled browser creates a DOS (denial of service) condition," Ullrich said.
Packet Storm, the security group that initially published the proof-of-concept exploit code, noted that in addition to the potential denial-of-service attack that could follow a buffer overflow, systems may also be subject to a malicious execution of code.
Ullrich, however, said while the potential may exist, it has not been proven either way that malicious code could be executed.
Mozilla Foundation, which released Firefox, said it was not able to confirm the browser would crash or be at risk of a DOS attack, after visiting certain Web sites. And Mozilla has not received any reports from users of such a problem, said Mike Schroepfer, vice president of engineering for Mozilla Corp.
He added that Firefox 1.5 can be slugglish on its next start-up, due to a bug in the history.dat, but it is not a security problem.
"We have gotten no independent verification that it crashes (Firefox), but there have been a lot of attempts to try," Schroepfer said.
The actual likelihood of running into one of these unless you regularly browse through the shady side of the net, but it's always bettyer to be safe than sorry. Note: that this particular defect does not propagate. That is, it is not a virus or worm. Some nasty person can make your browser crash, which can be fairly traumatic I'll admit after your browser has been up for a week or so with 30 tabs - but still.
Does that include porn sites?
Is it turned off, if nothing drops down when you click on the address bar?
"Does that include porn sites?" Why, no, of course not. Go right ahead.:)
The sample exploit doesn't crash Firefox on my system with OS X 10.4.2. It does seem to make Firefox take a long time to quit and launch though.
Do you have any tips on running firefox from a removable drive? I haven't tried it yet but people here at work say they run it from their jump drives.
Count one here. :)
I'm one and I appreciate the posts about Firefox that appear on FR from time to time.
Only in a technically true sense.
Thats me, and I really like it.
One here also.
No. I haven't tried that either, but I've seriously considered checking out how well it works. Personally, I prefer Knoppix for that kind of thing. It doesn't work if you want to save bookmarks and cookies though.
No. That's actually two different things, I believe. I could be wrong though. I'll have to check it out. Does anyone else know?
Update: Slashdot posters are reporting similar behavior. The exploit doesn't crash Firefox, but it can make it take a long time to read the history file and thus appear to have hung. It's unlikely that this is an actual security threat, although it could be annoying.
Is that from Germany, or where? Don't you have to burn a new CD every time there's a security patch? Such as if your firefox on your bootable knoppix needed this patch, you'd have to make a whole new cd wouldn't you?
Good to know. I would imagine in that case, that a quick fix if you got bitten by this would be to simply clear your history.
I figure it's better safe than sorry with this type of thing. Better to post, then clarify as more information is forthcoming.
me three
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.