Slashdot: News for Nerds

309 comments

FC4, 1.5 (4, Insightful)

(1+-sqrt(5))*(2**-1) (868173) | more than 8 years ago | (#14214450)

I can report that the exploit doesn't work on FC4, with the latest 1.5 built from source.

Re:FC4, 1.5 (5, Informative)

Anonymous Coward | more than 8 years ago | (#14214565)

The Mozilla people are also reporting that the exploit doesn't seem to work on any version of 1.5:

Mozilla Foundation, which released Firefox, said it was not able to confirm the browser would crash or be at risk of a DOS attack, after visiting certain Web sites.

"We have gotten no independent verification that it crashes (Firefox), but there have been a lot of attempts to try," Schroepfer said.

Apparently they're having a hard time duplicating this particular bug. Has anyone here on /. seen it actually happen?

Posting from an "Exploited" FF 1.5 (5, Informative)

tyler_larson (558763) | more than 8 years ago | (#14214766)

False alarm. No security-related concerns, just overenthusiastic reporting.

If you run the script below, it will create a page with a title that's quite huge. Close your browser and open it again. The browser will spin for about 2 minutes while it tries to make sense of the contents of your history file. Once it's finished, you'll be back up and running, with no degradation in performance or visible side-effects. You'll be able to even view your browsing history (including the offending page). In fact, I'm posting this response after following the process described above (on WinXP), and I have a history entry entitled "AAAAAAAAAAAAAAAAA..."

A bit of an annoyance, but hardly a security issue.

Here's the official exploit code:

function ex() {
    var buffer = "";
    for (var i = 0; i < 5000; i++) {
        buffer += "A";
    }
    var buffer2 = buffer;
    for (i = 0; i < 500; i++) {
        buffer2 += buffer;
    }
    document.title = buffer2;
}

Re:FC4, 1.5 (2)

swtaarrs (640506) | more than 8 years ago | (#14214784)

Yeah....the article says it affects XP SP 2

Non-Story (4, Informative)

Midnight Thunder (17205) | more than 8 years ago | (#14214807)

C|Net has added the following correction at the end of the story:

"Correction: This story incorrectly stated the affiliation of Mike Schroepfer, Mozilla's results in verifying the Firefox 1.5 flaw, and the nature of the problem. Schroepfer is vice president of engineering with Mozilla Corp., and Mozilla has not been able to verify its browser can crash and lead to a denial-of-service condition. The problem itself was not a security vulnerability but actually a flaw in the browser."

So Firefox crashes, but no security vulnerability.

B-b-but Microsoft! (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14214457)

B-b-but Microsoft!!!

Good Thing (5, Funny)

Anonymous Coward | more than 8 years ago | (#14214460)

I'm still using Internet Explorer!

Re:Good Thing (5, Funny)

sloths (909607) | more than 8 years ago | (#14214566)

Did it come with a free dinosaur?

Re:Good Thing (3, Funny)

AgentScummy (927127) | more than 8 years ago | (#14214614)

Mine came with Windows 3.1

Re:Good Thing (2, Funny)

aussie_a (778472) | more than 8 years ago | (#14214660)

No but it does come with free spyware.

Good Thing (1)

Seraphnote (655201) | more than 8 years ago | (#14214682)

Slashdot's the only website I go to!

(Oh yeah... the links, and the ads...)

(Oh and those other 3 news websites...)

(And... :)

i feel so unsaf on teh intarweb!! (2, Funny)

Anonymous Coward | more than 8 years ago | (#14214725)

Rendered using Microsoft's *NEW* CSS/Teenager parsing utility:

THA'TS WHY I SWETCHED TO IEXPOLRE TOOO.!

ITS MUCH BETTAR CSs COPMP1ANDCE I meEN WHy COmply WHEN You cna PWN THERE NUB ASSES??? harharAR

EVEN IT PROTECKS YOU

I wonder... (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14214817)

If there is a fix for the insane memory leak that Firefox has. After installing 1.5, it gets up to 150M usage after a couple of hours with just 3-8 tabs open. After using the same instance for about half a day or so it's at 350M and the whole OS slows down until you close it and start another one. Even IE never did that crap to me. It's a shame.

Slashdot is now (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14214461)

Slashcunia... How many exploit stories will be covered this year? 300 - 400 or more?

The fix (4, Informative)

rnelsonee (98732) | more than 8 years ago | (#14214469)

If it's already happened to you, just delete your history.dat file in your profile folder, and FireFox will create a new (empty) one on startup.
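
A triage check to run before deleting the file, as an added example that is not part of the original comment or of Firefox's code: it walks Mork-style history.dat text for `(id=value)` cells and flags any value far longer than a real page title. The cell and escape handling, the 4096-character threshold and the sample data are assumptions constructed for this example.

```javascript
// Added example (not from the thread or from Firefox): flag oversized values
// in Mork-style history.dat text before deciding to delete the file.
// Assumptions: values live in (id=value) cells, "\" escapes the next
// character, and "\" followed by a newline is a line continuation.

const MAX_VALUE_CHARS = 4096; // hypothetical limit; real titles are far shorter

function isHex(ch) {
  return ch !== undefined && /^[0-9A-Fa-f]$/.test(ch);
}

// Single linear pass over the text. A regex with a lazy or nested group would
// work on small files but can stall on a multi-megabyte value, which is the
// exact input this check is meant to survive.
function scanCells(text) {
  const cells = [];
  let i = 0;
  while (i < text.length) {
    const open = text.indexOf('(', i);
    if (open === -1) break;
    let j = open + 1;
    if (text[j] === '^') j++;            // row cells may use a ^column reference
    const idStart = j;
    while (isHex(text[j])) j++;
    if (j === idStart || text[j] !== '=') { i = open + 1; continue; }
    const id = text.slice(idStart, j);

    let k = j + 1;
    let length = 0, run = 0, longestRun = 0, prev = null, closed = false;
    while (k < text.length) {
      let ch = text[k];
      if (ch === ')') { closed = true; break; }
      if (ch === '\\') {
        if (text[k + 1] === '\n') { k += 2; continue; } // continuation, no data
        ch = text[k + 1];                                // escaped character
        k++;
        if (ch === undefined) break;                     // file ends mid-escape
      }
      length++;
      run = ch === prev ? run + 1 : 1;   // track padding such as "AAAA..."
      if (run > longestRun) longestRun = run;
      prev = ch;
      k++;
    }
    cells.push({ id, offset: open, length, longestRun, truncated: !closed });
    i = k + 1;
  }
  return cells;
}

// A cell is suspicious when it exceeds the limit or never closes.
function findOversized(text, limit = MAX_VALUE_CHARS) {
  return scanCells(text).filter((c) => c.truncated || c.length > limit);
}

// Constructed sample. The long value has the size the script quoted in this
// thread would produce: 5000 characters plus 500 further copies of them.
const TITLE_LEN = 5000 * 501;
const SAMPLE = [
  '<(80=ns:history:db:row:scope:history:all)(81=URL)(82=Name)>',
  '<(90=http://example.test/)(91=Example page)' +
    '(92=http://example.test/long)(93=' + 'A'.repeat(TITLE_LEN) + ')>',
].join('\n');

function report(text) {
  return findOversized(text).map((c) =>
    `cell ${c.id} at offset ${c.offset}: ${c.length} chars, ` +
    `longest repeated run ${c.longestRun}` +
    (c.truncated ? ' (unterminated)' : ''));
}

console.log(report(SAMPLE).join('\n') || 'no oversized values');
```

To check a real profile, read history.dat into a string (for example with Node's `fs.readFileSync(path, 'latin1')`) and pass it to `report()`.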

slashdot article title too terse (1)

x0n (120596) | more than 8 years ago | (#14214472)


"Unpatched firefox 1.5 exploit made public recently by an unknown source who refused to name himself or other..." *crash*

Obligatory Jamaican Response (5, Funny)

dotslashdot (694478) | more than 8 years ago | (#14214474)

Dat file will be history, man.

Re:Obligatory Jamaican Response (5, Informative)

uberjoe (726765) | more than 8 years ago | (#14214582)

You mean: "Dat file will be history Mon."

Re:Obligatory Jamaican Response (4, Funny)

Anonymous Coward | more than 8 years ago | (#14214686)

But the exploit was published on Wed.

Come on, how about a 5 for the brother (1)

twollamalove (935519) | more than 8 years ago | (#14214684)

That's my favorite comment in at least a week.

History.dat (1)

Life700MB (930032) | more than 8 years ago | (#14214476)


One more reason to work on the mess that the history.dat file format is!

--
Superb hosting [tinyurl.com] 2400MB Storage, 120GB bandwidth, ssh, $7.95

Only crashes? (4, Informative)

ruiner13 (527499) | more than 8 years ago | (#14214481)

If this only crashes Firefox, how is it an "exploit"? I tend to use "exploit" as something that an attacker can use to their advantage to do something malicious. This is just an annoyance to have to move my poor cursor back to the icon and issue an oh-so-painful double-click.

Re:Only crashes? (3, Insightful)

courtarro (786894) | more than 8 years ago | (#14214523)

There are plenty of browser denial-of-service bugs, but few of them can actually render your browser useless upon every execution. This one has a lasting effect that's more significant than the old "do while(true) alert;"-style DoS attacks. A single double-click won't fix this one; you have to delete your old history.dat file.

Re:Only crashes? (1)

ruiner13 (527499) | more than 8 years ago | (#14214551)

Ok, so a right click, click, then double-click :) Still easier than having to reformat and reinstall windows because my computer has become a zombie. If this were IE, being tied into the OS as it is, a crash of your browser is far more likely to have other effects on other running processes.

Re:Only crashes? (3, Insightful)

Anonymous Coward | more than 8 years ago | (#14214528)

If it causes a crash, it's entirely likely that some malicious code could be injected into memory when that happens! If so, you're potentially up shit creek.

Re:Only crashes? (2, Interesting)

Da_Weasel (458921) | more than 8 years ago | (#14214683)

Let's say that some malicious code gets "injected" into memory when Firefox crashes. What are the dangers? If Firefox crashes then it's not going to attempt to use that memory for anything...because...ummm....it's not running! If it's not running then it can't be tricked into doing something with this malicious chunk of memory. The only other thing that is going to be looking at that memory space is the OS, and that would likely only be concerned with reclaiming those blocks of memory for use by other processes once the Firefox process exits.

Just because you can make a program crash, doesn't mean you can exploit it. As a matter of fact Firefox would be more dangerous if it didn't crash and kept on chugging along using corrupt data in the history.dat.

Re:Only crashes? (1)

m50d (797211) | more than 8 years ago | (#14214801)

Most usual reason for a crash is when a program tries to access a random(ish) memory location - it has no right to, so it segfaults. But if it's doing that it's often only one more step to making it access a particular memory location - in particular, to jump into the data you've just given it.

Re:Only crashes? (0)

Anonymous Coward | more than 8 years ago | (#14214781)

You are entirely incorrect. It isn't likely or even possible to inject anything into memory when an app crashes. When an application crashes, it just crashes. It stops running, and all the memory it was using is freed. It doesn't magically gain access to the rest of memory, and even if it did, the fact that the app is not running any more would make it rather difficult to exploit that.

Re:Only crashes? (1)

HoosierPeschke (887362) | more than 8 years ago | (#14214529)

They added a correction at the bottom of the article... (emphasis added)

Correction: This story incorrectly stated the affiliation of Mike Schroepfer, Mozilla's results in verifying the Firefox 1.5 flaw, and the nature of the problem. Schroepfer is vice president of engineering with Mozilla Corp., and Mozilla has not been able to verify its browser can crash and lead to a denial-of-service condition. The problem itself was not a security vulnerability but actually a flaw in the browser.

You are correct it's not an exploit, just a bug.

A crash can often lead to an overflow exploit (4, Insightful)

MushMouth (5650) | more than 8 years ago | (#14214536)

When an app crashes (firefox does quite often for me) it means that it is doing something that the programmer didn't expect. That could be all sorts of things, from taking all the cpu, to writing to memory that it shouldn't be. Most overflow exploits started as mere crashes.

Re:A crash can often lead to an overflow exploit (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14214749)

Even if most overflow exploits start as crashes, it doesn't mean most crashes are overflow exploits. Certainly worth investigating, but assuming that every crash is an exploitable vulnerability and publishing a news story based on that assumption is dumb.

Re:Only crashes? (2, Insightful)

Jugalator (259273) | more than 8 years ago | (#14214546)

Crashes may be signs of buffer overruns and access violations, which is a bad thing not only from the app's and user's perspective, but also from a security perspective, e.g. if the memory space was prepared earlier with malicious code.

Re:Only crashes? (0)

tpgp (48001) | more than 8 years ago | (#14214557)

I tend to use "exploit" as something that an attacker can use to their advantage to do something malicious

Well - an attacker can use this exploit to do something malicious - crash your machine :-)

Wikipedia [wikipedia.org] agrees (hah! because I just edited the article*) that Denial of Services are exploits.

This is not a particularly serious exploit (in spite of all the IE fanboys who are undoubtedly going to come out of the woodwork claiming that this proves firefox is no more secure), but it is an exploit nonetheless.

*For the humour impaired this is a joke...

Re:Only crashes? (2, Insightful)

Thundersnatch (671481) | more than 8 years ago | (#14214611)

The vulnerability is incorrect handling of input. In this case, the only *exploit* published so far is a DoS. But obviously there's something very wrong with the input validation in the code, and remote execution may be possible with a more clever exploit.

Witness the recent IE vulnerability, which MS didn't patch quickly because it was "only a DoS vulnerability". Of course, it turned out it was possible to execute code with the vulnerability, it just took a while for a better (worse?) exploit to be crafted.

Not just a crash. (1)

worb (935866) | more than 8 years ago | (#14214705)

You have gotten some responses already, but I would just like to point out that I don't think "normal" crash bugs are security issues. Normal crash bugs will cause the browser to shut down, and that's it.

However, it does become a security issue if the crash leads to the possibility to execute code on the local system, or if it permanently cripples the browser, as it does in this case.

I've seen a few "normal" crash bugs reported as security issues, and I think that's rather silly and might end up muddying the waters, so to speak. If people cry wolf too many times, and it turns out that it's just a crash, which we all know happen, and they can't be exploited, then people will go "oh, it's just another crash" when a real issue is revealed. Such as this one.

My first reaction when I heard about this was "what? Another crasher reported as a security flaw? When will it all end?!" But then I read more to see if I was missing something, and it turned out to be a real issue.

It might not be a big deal to those of us who know how to work around it, but imagine one of the many novice users out there being caught by this flaw. They may dump Firefox and never look back.

Incremental updates (2, Informative)

moonbender (547943) | more than 8 years ago | (#14214484)

Sounds like a great opportunity to show off the snazzy automatic incremental update feature Firefox 1.5 has. Pushing a fix quickly to users who've got it enabled would be great.

Stopping the stupidity (5, Informative)

tjwhaynes (114792) | more than 8 years ago | (#14214485)

For anyone out there who wants a safer experience out on the web, you owe it to yourself to install the NoScript extension and only allow whitelisted sites to run Javascript. The exploit published this morning (more a DoS and only seems to affect some but not all installations of firefox 1.5 according to SANS [sans.org] ) uses a Javascript loop to build up an enormous topic that ends up being written into your history.dat file causing buffer overflow issues. Without Javascript, this sort of exploit is much tougher.

Cheers,
Toby Haynes

Re:Stopping the stupidity (3, Informative)

Psykus (827143) | more than 8 years ago | (#14214658)

The NoScript extension [mozilla.org] itself.

Re:Stopping the stupidity (5, Funny)

CosmeticLobotamy (155360) | more than 8 years ago | (#14214690)

The guy who drew the logo for that forgot the wingalings and the beefy arm.

Re:Stopping the stupidity (1)

Psykus (827143) | more than 8 years ago | (#14214718)

"I said consummate V's! CONSUMMATE!!!"

Stop the stupidity (2, Insightful)

NineNine (235196) | more than 8 years ago | (#14214678)

Another tip for you: if you remove the gas pedal from your car, you won't have any crashes! Really!

DOWNLOADING MORE SOFTWARE to intentionally disable part of a program that is supposed to work is 150% unacceptable.

Jesus, how bad does software have to get before people finally start to not use it? Luckily, I didn't pay anything for my Firefox installations, so I can't really bitch. But I CAN look at other, less buggy alternatives (like IE) that also offer useful features that Firefox doesn't, like Active X.

Re:Stop the stupidity (1)

hardaker (32597) | more than 8 years ago | (#14214752)

DOWNLOADING MORE SOFTWARE to intentionally disable part of a program that is supposed to work is 150% unacceptable.

I've always wondered why more browsers don't have JS enable/disable widgets by default. Konqueror has had this for eons and I love it dearly. My whitelist is small and is a trusted set of hosts. (Now, the only problem with Konqueror's JS implementation is that it fails on more sites than I'd like... Though 3.5 is supposed to be much better with JS.)

Re:Stop the stupidity (1)

javaxman (705658) | more than 8 years ago | (#14214783)

I CAN look at other, less buggy alternatives (like IE) that also offer useful features that Firefox doesn't, like Active X.

Is that humor, or flamebait? It can be so difficult to tell...

how bad does software have to get before people finally start to not use it?

Yea, why DO people use JavaScript anyway ? But seriously, people are still using Windows, so... I guess the answer is "really, really bad".
;-)

Humor, people, humor!

Re:Stopping the stupidity (1)

dankelley (573611) | more than 8 years ago | (#14214681)

The poster is right. Back when I used linux, I liked this feature.

Today I browse with Safari on OSX, and I have javascript turned off by default. This is seldom problematic, since it's easy to turn javascript on for a moment once a week when it provides more than annoying eye candy.

Re:Stopping the stupidity (1)

bitcastle (934210) | more than 8 years ago | (#14214794)

No no no. JavaScript has come a long way - look at google maps and gmail - are you going to turn it off for this rare bug? perhaps if you visit lots of porn sites you might need it off...

DOS (5, Insightful)

kihjin (866070) | more than 8 years ago | (#14214490)

The 'exploit' seems only capable of a Denial of Service. There's no proof to indicate that malicious code could be executed.

Plus, read this (from the article):

"We have gotten no independent verification that it crashes (Firefox), but there have been a lot of attempts to try," Schroepfer said.

So, this is all very hypothetical then?

Not an "exploit" (4, Insightful)

joetainment (891917) | more than 8 years ago | (#14214497)

This isn't even related to security. It's just a bug.... lots of apps crash when something happens. Doesn't mean it's ok, but it doesn't represent a security issue does it? (Unless I'm missing something...)

Re:Not an "exploit" (1)

bwd (936324) | more than 8 years ago | (#14214616)

Yea, it's no big deal. It just causes the browser to crash. Move along.

Not.

From the better-than-the-alternative dept (0)

Anonymous Coward | more than 8 years ago | (#14214498)

Notice it says "crash browser" and not "crash computer" or "fill with spyware".

Re:From the better-than-the-alternative dept (1)

Spy der Mann (805235) | more than 8 years ago | (#14214584)

Heh, the same was said about IE6's window() bug.

Remember: If it segfaults your program, it might as well make it execute code!

Re:From the better-than-the-alternative dept (0)

Anonymous Coward | more than 8 years ago | (#14214694)

Remember: If it segfaults your program, it might as well make it execute code!

Except that the out-of-range memory is never accessed, and no more code is executed. A segmentation fault means that the kernel had to shut down that particular process because it tried to access memory that wasn't allocated to it. It segfaults instead of allowing the memory access; it doesn't allow the access, and then segfault afterward.

Tin Hats Need Not Fear (4, Funny)

courtarro (786894) | more than 8 years ago | (#14214499)

Those of us with sturdy tin hats already have our histories disabled. Take that, evil!

Really (2, Insightful)

jupiter_ganymede (741242) | more than 8 years ago | (#14214501)

Is it just me or is this a pretty worthless report? I can't really see this as being an exploit anyone would care about unless you happen to work for a certain company in Redmond.

Re:Really (0)

Anonymous Coward | more than 8 years ago | (#14214572)

Who, Nintendo of America? Why would they care?

Back to IE for me (0)

Anonymous Coward | more than 8 years ago | (#14214505)

Getting my machine 0wned is one thing, but I just can't have my browser crashing.

Um... Did you RTFA? It's not an exploit (5, Informative)

Schrade (902157) | more than 8 years ago | (#14214508)

Quote from the bottom of the article:

Correction: This story incorrectly stated the affiliation of Mike Schroepfer, Mozilla's results in verifying the Firefox 1.5 flaw, and the nature of the problem. Schroepfer is vice president of engineering with Mozilla Corp., and Mozilla has not been able to verify its browser can crash and lead to a denial-of-service condition. The problem itself was not a security vulnerability but actually a flaw in the browser.

Read the article before you consider posting it with a sensational title!

It *IS* a vulnerability if it actually exists. (1)

worb (935866) | more than 8 years ago | (#14214729)

If it can be verified that this is indeed a valid bug in Firefox 1.5, then I would consider it a security issue.

Now, I definitely agree that normal crash bugs are NOT security issues, but in this case the browser won't start properly unless you erase the history, and all those novice Firefox switchers won't know that this workaround exists. As such, this bug, if it is actually there, will cripple Firefox for a large number of users.

Re:It *IS* a vulnerability if it actually exists. (1)

Schrade (902157) | more than 8 years ago | (#14214799)

There's a bug, there's no denying it. But to post a story about a crashing bug and say it's an exploit is just plain sensationalism. But then again, that's what 'trying to scoop!16155!%!!1' is about.

You can view the progress of the bug and patches here:

https://bugzilla.mozilla.org/show_bug.cgi?id=319004 [mozilla.org]

IE's execution of arbitrary code (5, Interesting)

Dreadlord (671979) | more than 8 years ago | (#14214513)

Before someone starts saying Firefox is vulnerable to exploits just as IE, this exploit crashes the browser and only that, now compare this to IE's execution of arbitrary code [slashdot.org].

No software is perfect, but still, Firefox is clearly ahead.

Re:IE's execution of arbitrary code (2, Interesting)

ClamIAm (926466) | more than 8 years ago | (#14214714)

And a while back firefox had a bug (in Windows) that allowed access to a shell. Knowing the number of people that run with admin access, this is just as bad. I'm not saying FF is as bad as IE, just that bugs can be brutal. (and undiscriminating)

Re:IE's execution of arbitrary code (0)

Anonymous Coward | more than 8 years ago | (#14214750)

What's clear is that anybody that knows anything of security knows that this is opening possible code execution, even if current known exploit doesn't do that.

Good test for the new Update System (2, Insightful)

brandonp (126) | more than 8 years ago | (#14214518)

This will be a good test for the new Update System that was implemented in Firefox 1.5. Too bad it will need to be utilized so soon.

With the speed that the Firefox developers release their fixes and the ease of getting those fixes with the new system, I hope this will develop as proof of how well Firefox can handle these situations.

--
Brandon Petersen
http://www.brandonpetersen.com/ [brandonpetersen.com]

Re:Good test for the new Update System (1)

Ronald Dumsfeld (723277) | more than 8 years ago | (#14214642)

Updates you say? Can I have 1.5 first please?

Yes, the British English version isn't available yet. Is this a clever ploy to get everyone using American English?

Re:Good test for the new Update System (1)

mlefevre (67954) | more than 8 years ago | (#14214803)

No. There was an issue with some links to things in the British version. That issue has now been resolved, and it's just waiting for the build to get through the rest of the release process - should be out in the next day or two.

Vulnerability of known projects (0)

Anonymous Coward | more than 8 years ago | (#14214520)

With the spotlight on Firefox, it's obvious a lot more crackers and hackers are going to start looking at Mozilla Foundation's code. While previously there was little incentive for crackers to exploit vulnerabilities in MoFo's code, you can't say that now, with all the attention Firefox caught.

It's up to them to fix their software as soon as vulnerabilities are reported now.

Similar Problem (1)

nxaccount (931295) | more than 8 years ago | (#14214524)

I believe I have discovered a similar problem where if you have too many items in your download manager history, the browser will crash and become vulnerable to the same type of attack. A "creative" website could use JavaScript to aggressively download a common file type (that is set to automatically save) hundreds of times causing the browser to crash. Unfortunately, I'm not a developer so I can't create POC to prove it.

Automatic update (0, Redundant)

cdn2k1 (908657) | more than 8 years ago | (#14214531)

This seems to be a good test for the new "automatic update" feature in FF 1.5. I hope they can use this feature to address these security issues in a timely manner without all this fanfare.

It's completely retarded... (3, Insightful)

ninja_assault_kitten (883141) | more than 8 years ago | (#14214534)

The guy who reported it called it a 'buffer overflow' and clearly had no understanding of what it actually meant.

which
most users won't figure out.

this proof of concept will only prevent someone from reopening
their browser after being exploited. DoS if you will. however, code
execution is possible with some modifications.

Tested with Firefox 1.5 on Windows XP SP2.

ZIPLOCK

-->

heh
function ex() {
            var buffer = "";
              for (var i = 0; i ZIPLOCK says CLICK ME

Heh (4, Funny)

aftk2 (556992) | more than 8 years ago | (#14214538)

cause your browser to crash on startup with a single visit.
I've seen this exploit in the wild: it's called the MySpace Profile Page [myspace.com] .

Re:Heh (0)

Anonymous Coward | more than 8 years ago | (#14214809)

LOL that's so true.

Re:Heh (1)

Geoffreyerffoeg (729040) | more than 8 years ago | (#14214815)

Speaking of MySpace, is there a way (short of filling Firefox with FlashBlock, AdBlock, NoScript, KillTheWabbit, or whatever other anti-active-content extensions they have) to view MySpace profiles/information without loading any of the simultaneous nonsense my friends seem to want loading by default? E.g., if I log in, is there an option to disable this? Or is there a relatively complete RSS feed for profiles?

Someone needed to create a scoop. (3, Informative)

Godeke (32895) | more than 8 years ago | (#14214542)

Correction: This story incorrectly stated the affiliation of Mike Schroepfer, Mozilla's results in verifying the Firefox 1.5 flaw, and the nature of the problem. Schroepfer is vice president of engineering with Mozilla Corp., and Mozilla has not been able to verify its browser can crash and lead to a denial-of-service condition. The problem itself was not a security vulnerability but actually a flaw in the browser.


Wow, that is accurate reporting, which was then amplified in the summary to the point of absurdity.

Re:Someone needed to create a scoop. (1)

NickFortune (613926) | more than 8 years ago | (#14214740)

Well quite.

C|Net, by their own admission, got almost every pertinent detail of the story wrong. The only way they could have been further off target would be if they assigned the flaw to Internet Explorer. Personally, I'm not going to hold my breath waiting for that mistake to see print.

As a side note: I'm not normally one to slag off Slashdot's editors, but might I ask for a little more investigation before parroting the latest MS anti-Firefox propaganda? This is the third story this quarter portraying a browser crash as a security exploit. Given that the last IE flaw involved the execution of arbitrary code, some evidence of editorial perspective would be nice.

Inevitable.. (1)

lonasindi (914571) | more than 8 years ago | (#14214549)

This is, in my opinion, just an example of the downside to popularity. As more and more people begin to use firefox, more and more people will find ways to break it. I use both firefox and iexplore on different machines, for the simple reason that on my new laptop, iexplore does not render images properly, and firefox was the easiest fix. I do not believe in zealotry, especially for web browsers, since firefox is losing some security it had due to obscurity. This is relatively minor news, but I think it's just the beginning of equalization between the browsers.

Re:Inevitable.. (1)

ClamIAm (926466) | more than 8 years ago | (#14214743)

I do not believe in zealotry, especially for web browsers, since firefox is losing some security it had due to obscurity.

First and most importantly, a piece of software does not become "less secure" as more people use it. Its security is dependent upon the code inside it, not the number of people who use it. I also find it strange that you base your view that you "don't believe in zealotry for web browsers" on the fact that Firefox is losing "security through obscurity" protection. It makes no logical sense.

Is that a Product plug I see? (1)

_the_bascule (740525) | more than 8 years ago | (#14214552)

In testing Firefox 1.5 without a system running McAfee security software, the Firefox 1.5 browser would stall and not respond to a user's mouse, said Johannes Ullrich, chief research officer for the Sans Institute

Emphasis mine.


What's all that about then?

Re:Is that a Product plug I see? (3, Informative)

Anonymous Coward | more than 8 years ago | (#14214693)

No, just a badly worded summary of the original storm center diary entry [sans.org] in which the ISC handler attributes the possible FAILURE of this bug to crash firefox to the McAfee software, which, in his mind, has some mystical power to optimise firefox's inefficient string parsing algorithm even when it's deactivated!

This bug is slightly lame, even as DOS -- There are no confirmed reports from half-or-more-brain-having people that it even crashes the browser in the first place. All it does is make the subsequent startups slow, especially noticeable on slower machines.

See bug 319004 at bugzilla.mozilla.org.

aint working (0)

Anonymous Coward | more than 8 years ago | (#14214575)

I have a WinXP machine with FX 1.5 and after clicking on the link nothing really happens .. I mean, sure, it uses a lot of CPU, but I open a new tab, close the previous one and everything works fine... I don't know where the exploit part is ;].
If that's an exploit, I think most OSes are vulnerable to my 31337 exploit while(1);

more like... (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14214587)

Firefox more like FIREFAIL amirite guys?

Re:more like... (0)

Anonymous Coward | more than 8 years ago | (#14214643)

"The problem itself was a not security vulnerability but actually a flaw in the browser."

I think a security vulnerability is a flaw in any program, and the use of said term was unnecessary.

-Mr. Chicken

1.0.7 Also vulnerable (2, Interesting)

sheepoo (814409) | more than 8 years ago | (#14214605)

I ran the proof of concept on my installation of 1.0.7 (WinXP SP2) and it crashed the next time I opened FF. Task Manager showed that FF was eating up the memory like crazy. I deleted the history.dat file (which was 10 MB in size!!!!!!!) and sanity returned instantly :)
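A check for the symptom described in the comment above (a history.dat that has ballooned), given here as an added example that is not part of the thread or of Mozilla's code: it walks a directory of profiles and flags any history.dat that is oversized or holds a very long run of one repeated byte, as a padded page title would leave. The thresholds, profile names and file contents are assumptions constructed for the demo.

```python
import os
import tempfile
from itertools import groupby

SIZE_LIMIT = 5 * 1024 * 1024  # assumed threshold, below the 10 MB file reported above
RUN_LIMIT = 64 * 1024         # assumed: no real page title repeats one byte 64 KiB times


def longest_run(path, chunk_size=1 << 20):
    """Length of the longest run of a single repeated byte, read in chunks."""
    best, cur_len, cur_byte = 0, 0, None
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for byte, group in groupby(chunk):
                n = sum(1 for _ in group)
                # A run can continue across a chunk boundary.
                cur_len, cur_byte = (cur_len + n if byte == cur_byte else n), byte
                best = max(best, cur_len)
    return best


def scan_profiles(root, size_limit=SIZE_LIMIT, run_limit=RUN_LIMIT):
    """Report every history.dat under root with the reasons it looks bloated."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "history.dat" not in files:
            continue
        path = os.path.join(dirpath, "history.dat")
        size, run = os.path.getsize(path), longest_run(path)
        reasons = [label for label, hit in (("oversized", size > size_limit),
                                            ("long repeated-byte run", run > run_limit)) if hit]
        findings.append({"profile": os.path.basename(dirpath), "size": size,
                         "longest_run": run, "reasons": reasons})
    return findings


def demo():
    """Scan two constructed profiles: one ordinary, one with a stuffed entry."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"clean.default": b"constructed entry one\nconstructed entry two\n",
                   "stuffed.default": b"constructed\n" + b"A" * 200_000 + b"\n"}
        for name, data in samples.items():
            os.makedirs(os.path.join(root, name))
            with open(os.path.join(root, name, "history.dat"), "wb") as fh:
                fh.write(data)
        return scan_profiles(root, size_limit=100_000)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `scan_profiles` at the directory that holds the real profiles to use it outside the demo; a flagged file can then be removed with the browser closed, as the comment above did.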

Older versions and Mozilla? (1)

antdude (79039) | more than 8 years ago | (#14214607)

Do older versions of Firefox and Mozilla have this problem?

Update (1)

bosewicht (805330) | more than 8 years ago | (#14214615)

From the Article

Mozilla has not been able to verify its browser can crash and lead to a denial-of-service condition. The problem itself was a not security vulnerability but actually a flaw in the browser.

Firefox history code is horrible (2, Informative)

Anonymous Coward | more than 8 years ago | (#14214620)

In other news: Water is wet. Seriously, whoever wrote the history code needs to be shot. Once your history gets to any significant size, all operations on it start getting annoyingly slow. For me, it takes 15 seconds for firefox to open the Go menu for the first time in a session, and once you've done that, even more annoyingly there's a delay of a few seconds on every new page you visit for the rest of that session. The history sidebar is so excruciatingly slow it's practically unusable.

so... (4, Informative)

SharpFang (651121) | more than 8 years ago | (#14214623)

Preferences > privacy > history > [0] days; ok.
Patched. I use the history feature about twice a year, won't miss it till the right fix is found.
Not quite like disabling all the javascript in MSIE, is it?

so it's like Netscape? (1)

atari2600 (545988) | more than 8 years ago | (#14214634)

"Users have to kill out of the browser and start over again. This stalled browser creates a DOS (denial of service) condition," Ullrich said.

This reminds me of all those horrible years of Netscape 4.x on Solaris desktop environments when the CPU usage would spike to 95% thanks to Netscape and Netscape would need to be killed :(. And 1.0.7 is working just great for now.

Re:so it's like Netscape? (0)

Anonymous Coward | more than 8 years ago | (#14214773)

Amen. I dreaded even having to turn javascript on in that monstrosity.

thats the exploit? (1)

SQLz (564901) | more than 8 years ago | (#14214640)

The browser crashes when I go to a site? OMG! If it's not arbitrary code execution, don't bother me. IE has had a similar exploit since it came out. Basically, it crashes randomly when visiting a website.

Disable? (0, Redundant)

magn3tman (875263) | more than 8 years ago | (#14214648)

It'd be nice to mention how to disable the history.dat file.

HoFo (0)

Anonymous Coward | more than 8 years ago | (#14214663)

"C|Net is reporting that an unpatched exploit in Firefox 1.5 has been made public, making it very easy for ne'er-do-well-sites to cause your browser to crash on startup with a single visit.

Would that explain why all of a sudden Firefox would hang every time I try to visit Howard Forums [howardforums.com]?

Serves you right! (0)

Anonymous Coward | more than 8 years ago | (#14214680)

If you're caught on such a trick you deserve teh haxor, b0y!

Some exploit. (2, Insightful)

bradbeattie (908320) | more than 8 years ago | (#14214695)

I recognize that it can cause inconvenience, but come on. Exploits in IE typically result in executing arbitrary code on the user's computer. I guess this is just another argument as to why system diversity is important. If no browser had more than 20% of the market it'd be difficult to target a large portion of internet users.

browser change (1)

ReDiLect (936918) | more than 8 years ago | (#14214711)

Has anyone changed from Firefox to Opera perhaps? I've been hearing from several people that Firefox can be a pain in the ass at certain times, like crashes at random times, closing your browser with multiple tabs and giving you errors after closing it, several bugs... It also uses quite a lot of memory, and this happens with my Firefox too; I guess I'll give Opera a try. -- http://www.e-guides.biz/ [e-guides.biz]

Honestly (1)

gallwapa (909389) | more than 8 years ago | (#14214716)

Does "editor" need to be changed to "poster"? One would think titles, dupes, and blatantly fake (or copied) stories wouldn't make /., although as of late, there has been a disturbing trend... Regardless of what these so-called "analysts" like to say, it causes a browser to crash - it doesn't allow any code to execute, or allow some remote worm to ream your system...

I don't understand.... (1)

lotrtrotk (853897) | more than 8 years ago | (#14214723)

what is meant by "disable".

Is the author suggesting we remove write access? Rename the file? I don't follow. "disable" is ambiguous.

Open$ource (0, Troll)

hwangeruk (910652) | more than 8 years ago | (#14214735)

I find this hard to believe, an exploit? How did that escape with all those millions of open source coders and users poring over the codebase?

What about the automatic privacy features? (1)

Not_Wiggins (686627) | more than 8 years ago | (#14214788)

I have my 1.5 version set to delete all history/caches automatically (it is an internal feature). I don't recall if it happened at startup or shutdown of the app (I'm assuming startup).
Would that be a viable workaround (especially for those who don't care about/want history)?