
Thread: OOPS! We made a mistake...no security flaw in Firefox 1.5

  1. #1
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171

    OOPS! We made a mistake...no security flaw in Firefox 1.5

    Correction: Unpatched Firefox 1.5 exploit made public
    This story incorrectly stated the affiliation of Mike Schroepfer, Mozilla's results in verifying the Firefox 1.5 flaw, and the nature of the problem. Schroepfer is vice president of engineering with Mozilla Corp., and Mozilla has not been able to verify its browser can crash and lead to a denial-of-service condition. The problem itself was not a security vulnerability but actually a flaw in the browser.

    Read the updated story here
    http://news.com.com/2303-10915_3-598...7864&subj=news
    Correction: Unpatched Firefox 1.5 exploit made public | CNET News.com

    Apparently it was a flaw in the design and not a security risk or vulnerability...well...that's good news....I think?!
    Kinda like saying...' well the good news is no one will break this baby, the bad news is no one has to, it'll break all on its own '

    As a follow-up to SANS' own warning:

    UPDATES:

    The machine I was testing this on has McAfee Enterprise 8, and Firefox would not crash. Despite my valiant efforts in disabling the protection, I couldn't get it to crash. While annoyed that I couldn't (short of uninstalling) get the protection disabled, it probably is a good thing. I'll test more when I get in the office tomorrow and have more machines to play with.

    This seems to be more of a denial of service than a true buffer overflow. It looks like Firefox just chokes on page topics that are too long. Some people it hangs, other people it crashes.

    WORKAROUNDS:

    However, the following is a workaround that should work (if it doesn't let me know). Go to Tools -> Options.

    Select the Privacy Icon, and then the History tab. Set the number of days to save pages at 0. This will disable writing anything to history.dat as far as I can tell, and should nullify the exploit. Readers have confirmed that this workaround does prevent the buffer overflow. You can also change your privacy settings to delete personal info when you close Firefox.

    Another workaround is to modify prefs.js while Firefox has not been started and put in the line:

    user_pref("capability.policy.default.HTMLDocument.title.set","noAccess");

    Lastly, you can also run the NoScript extension, found here. (Which I have not looked at in depth.) However, there are other ways of exploiting this where NoScript might not work.

    Some users have reported being unable to reproduce this error. I will test more to try to establish what makes this work and not. So far it appears Mac users are not affected by this.
    http://isc.sans.org/diary.php?storyid=920
    SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System
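
An added example, not part of the original thread or the SANS diary: a small Python helper that checks whether a prefs.js already carries the policy line quoted in post #1 and, if not, sets it without leaving duplicate or stale entries. The function names and the sample file contents are constructed for illustration; as the post says, write the result back only while Firefox is not running.

```python
import json
import re

# Pref name and value taken from the prefs.js workaround quoted in post #1.
TITLE_PREF = "capability.policy.default.HTMLDocument.title.set"
TITLE_VALUE = "noAccess"

# One user_pref("name", value); line. Group 1 is the name, group 2 the raw value.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Constructed sample prefs.js contents (not taken from a real profile).
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("capability.policy.default.HTMLDocument.title.set", "allAccess");
'''

def read_prefs(text):
    """Return {name: value} for every user_pref line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        try:
            prefs[m.group(1)] = json.loads(m.group(2))
        except ValueError:
            continue  # value is not a plain string/number/boolean literal
    return prefs

def is_mitigated(text):
    """True if the title-setting policy from the workaround is in effect."""
    return read_prefs(text).get(TITLE_PREF) == TITLE_VALUE

def set_pref(text, name, value):
    """Return prefs.js text containing exactly one user_pref line for name."""
    new_line = "user_pref(%s, %s);" % (json.dumps(name), json.dumps(value))
    out, done = [], False
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) == name:
            if not done:
                out.append(new_line)  # replace the first occurrence in place
                done = True
            continue                  # drop stale or duplicate entries
        out.append(line)
    if not done:
        out.append(new_line)
    return "\n".join(out) + "\n"
```
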

  2. #2
    Well that's a relief!

    This reminds me, I need to update to 1.5.
