p2p news / p2pnet: Mozilla Corp says a bug in Firefox 1.5 doesn’t expose users to attack, earlier reports by researchers notwithstanding.

Malicious pages with long titles – the proof of concept for the pseudo denial-of-service (DoS) attack contained 2.5 million characters – make the browser appear to hang, said a Mozilla advisory, "although the software is actually busy processing the name," says TechWeb News.

"Once encountered, the very slow start can’t be corrected until the site name is removed from Firefox’s history file.

"Last week, researchers of the PacketStorm security group claimed that the bug could result in not just a DoS, but a more serious buffer overflow, which could be used in turn by attackers to compromise the system."

However, says the story, according to Mozilla, there’s no danger of a buffer overflow, adding the date for a fix hasn’t yet been announced..

Also read:-
TechWeb News – Mozilla Says Firefox 1.5 Bug Not Serious, December 12, 2005

This entry was posted on Tuesday, December 13th, 2005 at 10:59 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 4356 times