Mozilla Firefox History Information Denial of Service Weakness

Discussion in 'other security issues & news' started by ronjor, Dec 8, 2005.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,792
    Location:
    Texas
    Critical:Not critical
    Impact: DoS
    Where: From remote
    Solution Status:Unpatched
    Secunia
     
    ronjor, Dec 8, 2005
    #1
  2. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    I'd be curious about one angle of this. I've got history set to zero days, and "Clear history" has always been greyed out, implying I've got no history.dat file (I'm too lazy to actually look).

    Wonder if this exploit creates a history.dat, if there isn't already one for it to "do its thing"? If not, it suggests that zero-days could be a useful work-around till we get a real patch from Mozilla.
     
    MikeBCda, Dec 8, 2005
    #2
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,792
    Location:
    Texas
    I have mine set to zero as well. I do have a history.dat file though, 1kb in size.
    A quick search from the start menu shows the file.

    Edited: I did have a history.dat file in a backup. Using zero days, no history.dat file is saved.
     
    Last edited: Dec 8, 2005
    ronjor, Dec 8, 2005
    #3
  4. tlu

    tlu Guest

    There is a workaroud from Bugzilla for this bug: Add

    user_pref("capability.policy.default.HTMLDocument.title.set","noAccess");

    to your prefs.js .
     
    tlu, Dec 8, 2005
    #4
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,792
    Location:
    Texas
    ronjor, Dec 8, 2005
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...