Simple DoS for Firefox 1.5

  1. #1
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055

    Simple DoS for Firefox 1.5

    I saw this while browsing zone-h.org's security news and I figured since most AO'ers are Firefox users, that this might be of some importance.

    Simple DoS for Firefox 1.5
    Published: 2005-12-07

    An exploit for the new Firefox 1.5 browser was released today that causes a denial of service condition using a simple web page as a trigger.

    The heart of the problem lies with the history.dat file that Firefox creates, according to a posting on Packet Storm. The exploit creates a very large entry which Firefox then saves into the history.dat file. This causes the browser to crash the next time it is opened, and each time after that until the history.dat file is deleted from the system.

    The author of the exploit points out that average users may have difficulty figuring out this fix, preventing browser use and effectively creating a denial of service condition. In the past there have been debates over browser bugs and if they are truly denial of service attacks - today’s bug is sure to rekindle these arguments.

    The final line of the exploit description warns that code execution is a possibility with some modifications to the sample exploit.
    Sounds like a simple way to execute a DoS by merely creating an extensively large file from what I gathered. Read the full article at securityfocus here.
    Space For Rent.. =]

  2. #2
    Member
    Join Date
    Jan 2005
    Posts
    73
    Wow, I'm a bit surprised that the folks at Mozilla didn't catch that one. I mean, it doesn't seem like an obscure attack vector. Still, 1.5 has only been out in its final form for a few days, so I suppose a few "doh" moments are expected.
    "The future stretches out before us, uncharted. Find the open road and look back with a sense of wonder. How pregnant this moment in time. How mysterious the path ahead. Now, step forward."
    Phillip Toshio Sudo, Zen Computer
    Have faith, but lock your door.

  3. #3
    Senior Member Godsrock37's Avatar
    Join Date
    Jan 2005
    Location
    PA
    Posts
    121
    How could you modify that script for code execution? Not seeing it, maybe I don't understand buffer overflow, which is quite possible. I thought the buffer was a limited cache for that program in RAM which would later be processed; if it was exceeded, the program crashed. How can you get code execution out of that? The overflow bumps existing commands to the processor? Other than the possibility of code execution it just sounds like a pain in the butt.

    WolfRune: totally agree, not that complex an exploit to notice, but then again I do stuff like that with the little scripts I write all the time.
    if God was willing to live all out for us, why aren't we willing to live all out for Him? God bless,
    Godsrock37
    my home my forum

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Wolfrune: Perhaps, yes.. but a "doh" moment on something like that should have been caught in testing of the product, no?
    Space For Rent.. =]
