Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to del.icio.us  
Simple DoS for Firefox 1.5
Published: 2005-12-07

An exploit for the new Firefox 1.5 browser was released today that causes a denial of service condition using a simple web page as a trigger.

The heart of the problem lies with the history.dat file that Firefox creates, according to a posting on Packet Storm. The exploit creates a very large entry which Firefox then saves into the history.dat file. This causes the browser to crash the next time it is opened, and each time after that until the history.dat file is deleted from the system.

The author of the exploit points out that average users may have difficulty figuring out this fix, preventing browser use and effectively creating a denial of service condition. In the past there have been debates over browser bugs and if they are truly denial of service attacks - today’s bug is sure to rekindle these arguments.

The final line of the exploit description warns that code execution is a possibility with some modifications to the sample exploit.

Posted by: Peter Laborge
    Digg this story   Add to del.icio.us  
 
Comments Mode:
Simple DoS for Firefox 1.5 2005-12-07
Anonymous (1 replies)
Re: Simple DoS for Firefox 1.5 2005-12-08
Anonymous
Simple DoS for Firefox 1.5 2005-12-08
Anonymous
Simple DoS for Firefox 1.5 2005-12-08
Anonymous (1 replies)
Simple DoS for Firefox 1.5 2005-12-08
Anonymous
Simple DoS for Firefox 1.5 2005-12-08
Anonymous (1 replies)
Re: Simple DoS for Firefox 1.5 2005-12-08
qwertysifu
Simple DoS for Firefox 1.5 2005-12-08
Matthew Murphy (1 replies)
Re: Simple DoS for Firefox 1.5 2005-12-11
Anonymous
Simple DoS for Firefox 1.5 2006-01-03
Anonymous







 

Privacy Statement
Copyright 2009, SecurityFocus