/v3-uk/news/1989245/first-firefox-exploit-public
09 Dec 2005, Tom Sanders in California, V3
Security experts at Packet Storm have published proof-of-concept code that exploits an unpatched flaw in the Firefox 1.5 browser, making the application vulnerable to a denial of service attack.
The code marks the first publicly disclosed security vulnerability in Firefox 1.5 since the version became available in late November.
The published code will add a large entry to the 'history.dat' file of the browser, causing the application to freeze or crash the next time it is launched.
Users can fix the problem by manually erasing the file. Alternatively, they can stop the browser from saving history data, either by setting the number of days of saved history to zero or by raising the privacy setting.
While the proof-of-concept code is relatively harmless, the flaw could be exploited to install malware, according to John Bambenek, a researcher with the University of Illinois at Urbana-Champaign and a volunteer at the SANS Internet Storm Center.
"Presumably, if the topic was more tightly crafted than in the proof-of-concept code, a more malicious attack could be crafted that would install malware on the machine with the extra step of being reinstalled after each restart of Firefox," Bambenek wrote.
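One defender-side check for the workarounds described above, as an added example that is neither the Packet Storm code nor anything from Firefox: it reads a profile's prefs.js for the history-retention preference, flags a profile that still records history and carries a bloated history.dat, and moves the file aside. The pref name browser.history_expire_days, its default of 9 days, the size threshold and the profile layout are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Assumed Firefox 1.5-era pref holding "days of saved history" and its default; 0 is the article's workaround.
HISTORY_DAYS_PREF = "browser.history_expire_days"
DEFAULT_HISTORY_DAYS = 9
SIZE_LIMIT = 512 * 1024  # constructed threshold; a normal history.dat is far smaller
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(-?\d+|true|false|"[^"]*")\);')


def parse_prefs(text):
    """Parse the user_pref("name", value); lines of prefs.js into typed values."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw)
    return prefs

def assess_profile(profile):
    """Report whether history is disabled and whether history.dat looks bloated."""
    prefs_file, history = profile / "prefs.js", profile / "history.dat"
    prefs = parse_prefs(prefs_file.read_text()) if prefs_file.exists() else {}
    size = history.stat().st_size if history.exists() else 0
    disabled = prefs.get(HISTORY_DAYS_PREF, DEFAULT_HISTORY_DAYS) == 0
    # Only a profile that still records history and has an oversized file is exposed.
    return {"history_disabled": disabled, "history_dat_bytes": size,
            "at_risk": not disabled and size > SIZE_LIMIT}

def quarantine_history(profile):
    """Move history.dat aside (the 'erase the file' fix); returns backup path or None."""
    history = profile / "history.dat"
    if not history.exists():
        return None
    backup = history.with_name("history.dat.bak")
    history.replace(backup)
    return backup

def demo():
    """Constructed profile: default retention plus a history.dat bloated by a huge title."""
    profile = Path(tempfile.mkdtemp())
    (profile / "prefs.js").write_text(f'user_pref("{HISTORY_DAYS_PREF}", {DEFAULT_HISTORY_DAYS});\n')
    (profile / "history.dat").write_bytes(b"A" * (SIZE_LIMIT + 1))  # constructed bloat
    before = assess_profile(profile)
    quarantine_history(profile)
    return before, assess_profile(profile)
```

Run demo() to see the profile flagged as at risk before the quarantine and clean afterwards.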
This cannot allow remote code execution
This vulnerability does not allow for remote code execution. It isn't even a buffer overflow vulnerability (the kind of vulnerability that can often allow for remote code execution, and something security firms usually suspect when they see a crash). All this is is a way to get Firefox caught up in a really long process that consumes a lot of system resources. The length of time Firefox spends on this process depends on the size of the title used to trigger this problem, but Firefox never actually crashes. What happens is that Windows (or whatever operating system you're on) notices that Firefox is taking a long time to do something and asks if you want to force the program to close. All memory is handled correctly -- just inefficiently -- and so there is absolutely no reason to believe that this could allow for remote code execution. This is simply a case of a website being able to dramatically slow down your browser's startup time, nothing more.
Posted by David Hammond, 09 Dec 2005