Mozilla Firefox History Information Denial of Service Weakness

Discussion in 'other security issues & news' started by ronjor, Dec 8, 2005.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,764
    Location:
    Texas
    Critical:Not critical
    Impact: DoS
    Where: From remote
    Solution Status:Unpatched
    Secunia
     
  2. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    I'd be curious about one angle of this. I've got history set to zero days, and "Clear history" has always been greyed out, implying I've got no history.dat file (I'm too lazy to actually look).

    Wonder if this exploit creates a history.dat, if there isn't already one for it to "do its thing"? If not, it suggests that zero-days could be a useful work-around till we get a real patch from Mozilla.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,764
    Location:
    Texas
    I have mine set to zero as well. I do have a history.dat file though, 1kb in size.
    A quick search from the start menu shows the file.

    Edited: I did have a history.dat file in a backup. Using zero days, no history.dat file is saved.
     
    Last edited: Dec 8, 2005
  4. tlu

    tlu Guest

    There is a workaroud from Bugzilla for this bug: Add

    user_pref("capability.policy.default.HTMLDocument.title.set","noAccess");

    to your prefs.js .
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,764
    Location:
    Texas
Loading...
Thread Status:
Not open for further replies.