09 Dec 2005
Security experts at Packet Storm have published proof-of-concept code that exploits an unpatched flaw in the Firefox 1.5 browser, making the application vulnerable to a denial of service attack.
The code marks the first publicly disclosed security vulnerability in Firefox 1.5 since the version became available in late November.
The published code will add a large entry to the 'history.dat' file of the browser, causing the application to freeze or crash the next time it is launched.
Users can fix the problem by manually deleting the file. Alternatively, they can stop the browser from saving history data by setting the number of days of history to keep to zero, or by raising the browser's privacy settings.
While the proof-of-concept code is relatively harmless, the flaw could be exploited to install malware, according to John Bambenek, a researcher with the University of Illinois at Urbana-Champaign and a volunteer at the SANS Internet Storm Center.
"Presumably, if the topic was more tightly crafted than in the proof-of-concept code, a more malicious attack could be crafted that would install malware on the machine with the extra step of being reinstalled after each restart of Firefox," Bambenek wrote.
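A defender-side check for the mitigation described above, added here as an example and not code from the article or from Packet Storm: it flags oversized entries in a profile's history.dat and reports whether the history-expiry preference has been set to zero. It assumes a simplified reading of the Mork atom syntax used by history.dat and a constructed size threshold; the sample data is made up for illustration.

```python
import re
from pathlib import Path

# Size above which a single history entry is treated as suspicious (constructed threshold).
MAX_CELL_BYTES = 64 * 1024

# history.dat is a Mork file: each stored string is an atom written as "(hexid=value)",
# with ")" and "\" inside the value escaped by a backslash. Treating the file as a flat
# list of such atoms is a simplification (assumption); this is not a full Mork parser.
CELL_RE = re.compile(rb'\(([0-9A-Fa-f]+)=((?:\\.|[^)\\])*)\)', re.DOTALL)

# The Firefox 1.5 preference behind "days of saved history"; 0 disables history saving.
EXPIRE_RE = re.compile(r'user_pref\("browser\.history_expire_days",\s*(\d+)\);')


def oversized_cells(data: bytes, limit: int = MAX_CELL_BYTES):
    """Return (atom_id, value_length) for every atom whose value exceeds `limit` bytes."""
    return [(m.group(1).decode("ascii"), len(m.group(2)))
            for m in CELL_RE.finditer(data) if len(m.group(2)) > limit]


def history_expire_days(prefs_js: str):
    """Return the configured browser.history_expire_days, or None if the default is in use."""
    m = EXPIRE_RE.search(prefs_js)
    return int(m.group(1)) if m else None


def check_profile(profile_dir: Path, limit: int = MAX_CELL_BYTES) -> dict:
    """Report oversized history atoms and whether history saving has been turned off."""
    history = profile_dir / "history.dat"
    prefs = profile_dir / "prefs.js"
    data = history.read_bytes() if history.exists() else b""
    text = prefs.read_text(errors="replace") if prefs.exists() else ""
    return {
        "history_bytes": len(data),
        "oversized": oversized_cells(data, limit),
        "history_expire_days": history_expire_days(text),
    }


# Constructed sample: one normal URL atom and one page-title atom padded to 70000 bytes,
# the shape a page with an enormous title leaves behind (byte count made up for illustration).
SAMPLE_HISTORY = b"<(80=http://example.test/)(81=" + b"A" * 70000 + b")>"
SAMPLE_PREFS = 'user_pref("browser.history_expire_days", 0);\n'

if __name__ == "__main__":
    print(oversized_cells(SAMPLE_HISTORY))      # [('81', 70000)]
    print(history_expire_days(SAMPLE_PREFS))    # 0
```

Run `check_profile(Path("/path/to/profile"))` against a real profile directory to get the same report for an actual history.dat and prefs.js.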
This cannot allow remote code execution
This vulnerability does not allow for remote code execution. It isn't even a buffer overflow vulnerability (the kind of vulnerability that can often allow for remote code execution, and something security firms usually suspect when they see a crash). All this is is a way to get Firefox caught up in a really long process that consumes a lot of system resources. The length of time Firefox spends on this process depends on the size of the title used to trigger this problem, but Firefox never actually crashes. What happens is that Windows (or whatever operating system you're on) notices that Firefox is taking a long time to do something and asks if you want to force the program to close. All memory is handled correctly -- just inefficiently -- and so there is absolutely no reason to believe that this could allow for remote code execution. This is simply a case of a website being able to dramatically slow down your browser's startup time, nothing more.
Posted by: David Hammond 09 Dec 2005