A bug that exists in Firefox 1.5 has been discovered and made available to public. The exploid code takes advantage of a bug of Firefox in handling history of visited sites, and could cause denial of service to the victim. When the topic of a page is crafted to be long enough, it will crash Firefox each time it is started.
Currently there is no any official fix from Mozilla. The only workarounds are either to erase the history.dat file manually, or to disable history feature of Firefox 1.5 (Tools -> Options -> Privacy -> History -> Set the number of days to save pages at 0).
Source: SANS.
0 Responses to “Firefox 1.5 exploit discovered and made public”