Mozilla Firefox History Information Denial of Service Weakness

Started by roddy32, December 08, 2005, 09:24:10 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

roddy32

TITLE:
Mozilla Firefox History Information Denial of Service Weakness

SECUNIA ADVISORY ID:
SA17934

VERIFY ADVISORY:
http://secunia.com/advisories/17934/

CRITICAL:
Not critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
Mozilla Firefox 1.x
http://secunia.com/product/4227/

DESCRIPTION:
ZIPLOCK has discovered a weakness in Mozilla Firefox, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The weakness is caused due to an error in the handling of large
history information. This can be exploited to fill the history file
"history.dat" with large history information by tricking a user into
visiting a malicious web site with an overly large title (e.g. set
via JavaScript).

Successful exploitation causes the browser to consume a large amount
of CPU and memory resources on a vulnerable system when the affected
browser is started up again after an attack. Users may have to remove
the "history.dat" file in order to be able to use the affected
browser.

The weakness has been confirmed in version 1.5. Other versions may
also be affected.

SOLUTION:
Configure Firefox to clear history information when closing the
browser. This affects functionality.
Tools -> Options... --> Privacy --> Settings...

PROVIDED AND/OR DISCOVERED BY:
ZIPLOCK
Microsoft MVP Consumer Security 2006 - 2012

Log'N'Rock Computer Security