Home  Top Stories  Sports  Entertainment  Health News  Business  Personal Finance 
Real Estate  Business Finance  Insurance  Consulting 
Tax News  Forum


 

Writers






 


Featured Articles







BUSINESS



 


 

 

 
 


 

Possible Exploitable Flaw Found in New Firefox Browser Version

December 15th 2005

Possible Exploitable Flaws Found in New Firefox Browser Version

Firefox logo

Mozilla Foundation has issued a security advisory for its new Firefox version 1.5 browser.  This is what happens.  The browser will hang when the history includes a real long page title / location (like 2.5 million characters for instance).  The browser will hang when processing the long file.

The only way to correct this is to clear the Firefox history file (history.dat).  Researchers at PacketStorm security group has warned that the bug can result in hackers gaining control of a system, not just a denial of service (DoS) attack.

Mozilla claims there is no evidence of a security risk.  According to TechTree the advisory says that “there is no risk to users or their computers, beyond the browser's temporary un-responsiveness at start-up.”  Mozilla adds that there is no evidence found to back-up claims that variants of the DoS attack can cause an exploitable crash.

 

The problem appears to be easy to fix, according to Mozilla.  If the history.dat file exceeds 10.5MB the system will appear to freeze.  According to Silicon.com the system is not really frozen, but just takes a lot of time to clear the buffer.

The security advisory issued Sunday did acknowledge concerns that can cause a buffer overflow error.  Wednesday the first exploit code for this vulnerability was published.  This non-critical error (according to Mozilla) can be fixed by “clearing the browser history”. 

 
Comments on this Article at our Forum

Submit your own Article

Firefox 1.5 Advantages

  RSS Feed to our Technology feed

  RSS Feed to all of our content

 Add to My Yahoo!   Subscribe with Pluck RSS reader  

       Subscribe in NewsGator Online 

 Add this feed to Your C-Net 

 

By Dan Wilson
Best Syndication Staff Writer

 

Keywords and misspellings:  I E how to fix I-Tunes securite edey firfox


Google
 
Web BestSyndication.com

About   Contact   site map

Copyright 2005 Best Syndication                                            Last Updated Saturday, July 10, 2010 09:45 PM