Contrary to the PacketStorm article's reporting, there is NOT a vulnerability in Firefox. The proof-of-concept code that is available only causes a brief startup delay, that is easily attributed to Firefox loading the (larger) history.dat file.

Users are not at any significant risk as a result of this "vulnerability", according to my initial research and the results of others testing the PoC code.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/73/280#280