• On MovieTome: CAPTAIN AMERICA was in THE HULK?!?
advertisementAT&T Tech Support 360

December 12, 2005 4:44 PM PST

Mozilla issues Firefox alert

By Colin Barker
Special to CNET News.com

  • Print
Related Stories

Browsers to get sturdier padlocks

 December 12, 2005

Unpatched Firefox 1.5 exploit made public

 December 8, 2005

IE flaw lets intruders into Google Desktop

 December 2, 2005
The Mozilla Foundation has issued a security advisory, acknowledging concerns about a potential flaw in its Firefox 1.5 browser.

However, the browser company strenuously denied in its Sunday advisory that the problem would cause any lasting damage to the application. It maintains that the glitch is very easy to fix.

"We have investigated this issue and can find no basis for claims that variants of this denial-of-service attack can cause an exploitable crash," Mozilla said in its advisory.

The issue came to light last Wednesday, when the first exploit code for the potential vulnerability was published.

The problem occurs with extremely long history.dat files. If the history file gets larger than 10.5MB, then the system can appear to freeze. Mozilla said the system is not actually frozen, but it takes time to clear the history buffer. The company said that to cure the problem, users need to clear the History archive.

Mozilla said in a statement that it has "issued a security advisory on a temporary start-up unresponsiveness caused by Web pages in a browser history with extremely long titles. If a user encounters this problem, the slow start can be fixed by clearing the browser history."

The problem has been given a noncritical rating by Mozilla.

Colin Barker of ZDNet UK reported from London.

See more CNET content tagged:
Mozilla Corp., browser company, Firefox, Web browser, security

Add a Comment (Log in or register) 13 comments
Yawn
by ajbright December 12, 2005 4:55 PM PST
Or you could just configure firefox to delete it's history when you close it, along with any other private data you choose to include in it's one click clear up the new version now provides.

Check the settings button under any of the privacy options and you'll see how easy this is to do.

Show me an IE malware hole that is that easy to resolve..
Reply to this comment
Easy IE malware solution...
by VI Joker December 12, 2005 5:09 PM PST
...use Firefox. :)
lol
by nrlz December 12, 2005 9:10 PM PST
It's funny how you can take a bug that only affects Firefox and not IE and be able to spin it into an advantage.
Deploy A Patch!
by Dustyn December 12, 2005 6:30 PM PST
Don't start falling behind like Microsoft and their "single" patch relese cycle per month. If this issue is so easy to correct and is not a huge deal... why don't you just deploy it across the network so that the Auto Update Mechanism in Firefox 1.5 is triggered to automatically apply the update?

Waiting for another serious issue just to deploy the fix is plain dumb, IMO.
Reply to this comment
Why Clear Or Set History To "0 Days?"
by Dustyn December 12, 2005 6:35 PM PST
History is a part of every browser and maintains site usage tracks you have frequently visited. Some people find this feature handy.
Reply to this comment
Bad article
by pmsyyz December 12, 2005 7:54 PM PST
"acknowledging concerns about a potential flaw in its Firefox 1.5 browser that could cause a buffer overflow error."

Factually incorrect, Mr. Colin Barker.

Here is what Mozilla has said:

We have investigated this issue and can find no basis for claims that variants of this denial-of-service attack can cause an exploitable crash, and no evidence for this claim has been offered. There does not appear to be any risk to users or their computers beyond the temporary unresponsiveness at startup.

http://www.mozilla.org/security/history-title.html
Reply to this comment
Correct
by ddesy December 13, 2005 9:16 AM PST
It's good to see that somebody caught this!
IE7 will release with how many holes in it?
by John.Q.Public December 13, 2005 6:11 AM PST
One one minor problem with FF1.5 upon release! How many do you think IE7 will have? and how many months to get IE7's holes fixed vs days or hours to fix FF holes. Biggest "headache" with new FF release is the extensions not always being compatiable.
Reply to this comment
Less then FF 1
by FutureGuy December 13, 2005 7:58 AM PST
Don't forget that this is a minor version release (1.5) FF1 came with over a dozen holes in it.
View reply
Thank God..
by FutureGuy December 13, 2005 7:56 AM PST
..its a bug not a flaw. That makes me feel so much better ;)
Reply to this comment
Whats the difference?
by SystemsJunky December 13, 2005 8:30 AM PST
Between a bug, and a flaw? Gee, Windows has a ton of fla...I mean bugs in it.
Reply to this comment
erasing history NO solution
by Mork2006 February 16, 2006 12:23 PM PST
The history is very convenient, sometimes much more so than bookmarks. Oft visited sites require two or three characters entered in location to expand and browse. The REAL SOLUTION would be to release history.dat management software to prune lesser used URLs, and retain the oft visited sites! How many years have we gone without a history management option? How many thousands of users pine for this feature? Zeroing the file is like nailing a trembling hand to the kitchen table. It appears to stop the tremmors but...
Reply to this comment
advertisement
Click Here

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Dow Jones Industrials (-7.70%) -679.95 8,149.09
S&P 500 (-8.93%) -80.03 816.21
NASDAQ (-8.95%) -137.50 1,398.07
CNET TECH (-7.06%) -77.09 1,014.20
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
CES
Cell phones
Dell
GPS
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET