Firefox Dos?

bearskin · December 7, 2005

wasn't sure where to post this:

http://packetstormsecurity.org/0512-exploi...er-overflow.txt

found it here:

http://digg.com/

Edited December 7, 2005 by bearskin

CurlingSteve · December 7, 2005

I ran that "exploit".

What it does is write 2,500,000 A's to the tab title.

My History.dat file jumped from around 593 KB to 10,691 KB but Firefox kept running normally.

One thing I didn't try was clearing the history.

I expect it would take a long time to run (and people would assume Firefox had crashed and abort it).

It didn't crash anything until I started fooling around with renaming and replacing History.dat.

When I switched back to the big History.dat Firefox wouldn't launch.

But I suspect it was my messing around that froze it.

Deleting History.dat and letting Firefox create a fresh one cleared things up.

It's not a security problem.

Firefox Bugs Forum

Edited December 7, 2005 by CurlingSteve

Matt · December 7, 2005

This is something I have been wonderinf for a long time: "Does Firefox keep its own "index.dat" like IE does?" Well, now I suppose my question has been answered. I didn't try that exploit, but thank you both for the info.

Matt

DarkestDream · December 8, 2005

IF you have NoScript extension, then you wont worry about that expliot. NoScript wont allow it to write on the .dat file until you permit it.

Matt · December 8, 2005

IF you have NoScript extension, then you wont worry about that expliot. NoScript wont allow it to write on the .dat file until you permit it.

Ah yes! I love NoScript! A very handy security tool!

Sign In

Firefox Dos?

Recommended Posts

bearskin

Link to post

Share on other sites

CurlingSteve

Link to post

Share on other sites

Matt

Link to post

Share on other sites

DarkestDream

Link to post

Share on other sites

Matt

Link to post

Share on other sites

Join the conversation

Browse

Activity