DoS attack risk for Firefox 1.5 users

by admin December 9, 2005 at 11:33 am

Exploit goes public…

Exploit code for the latest version of open-source browser Firefox was published on Wednesday, potentially putting users at risk of a denial of service (DoS) attack.

The exploit code takes advantage of a bug in the recently released Firefox 1.5, running on Windows XP with Service Pack 2. Firefox, which initially debuted more than a year ago, has moved swiftly to capture eight per cent of the browser market.

The latest Firefox flaw exists in the history.dat file, which stores information from websites users have visited with the Firefox 1.5 browser, according to a posting on the Internet Storm Center, which monitors online threats.

According to the posting: “If the topic of a page is crafted to be long enough, it will crash the browser each time it is started after going to such a page. Once this happens, Firefox will be unable to be started until you erase the history.dat file manually.”

Full story: