Unpatched Firefox 1.5 Exploit Made Public 309
ThatGuyGreg writes "C|Net is reporting that an unpatched exploit in Firefox 1.5 has been made public, making it very easy for ne'er-do-well sites to cause your browser to crash on startup with a single visit. Until a patch is released, it is recommended that you disable your history.dat file."
FC4, 1.5 (Score:4, Insightful)
DOS (Score:5, Insightful)
Plus, read this (from the article):
"We have gotten no independent verification that it crashes (Firefox), but there have been a lot of attempts to try," Schroepfer said.
So, this is all very hypothetical then?
Not an "exploit" (Score:4, Insightful)
Really (Score:2, Insightful)
Good test for the new Update System (Score:3, Insightful)
With the speed that the Firefox developers release their fixes and the ease of getting those fixes with the new system, I hope this will develop as proof of how well Firefox can handle these situations.
--
Brandon Petersen
http://www.brandonpetersen.com/
Re:Only crashes? (Score:4, Insightful)
Re:Only crashes? (Score:3, Insightful)
It's completely retarded... (Score:3, Insightful)
which most users won't figure out.
This proof of concept will only prevent someone from reopening their browser after being exploited. DoS if you will. However, code execution is possible with some modifications.
Tested with Firefox 1.5 on Windows XP SP2.
ZIPLOCK
-->
heh
function ex() {
var buffer = "";
for (var i = 0; i ZIPLOCK says CLICK ME
A crash can often lead to an overflow exploit (Score:5, Insightful)
Re:Only crashes? (Score:3, Insightful)
Re:Only crashes? (Score:3, Insightful)
Witness the recent IE vulnerability, which MS didn't patch quickly because it was "only a DoS vulnerability". Of course, it turned out it was possible to execute code with the vulnerability, it just took a while for a better (worse?) exploit to be crafted.
Stop the stupidity (Score:2, Insightful)
DOWNLOADING MORE SOFTWARE to intentionally disable part of a program that is supposed to work is 150% unacceptable.
Jesus, how bad does software have to get before people finally start to not use it? Luckily, I didn't pay anything for my Firefox installations, so I can't really bitch. But I CAN look at other, less buggy alternatives (like IE) that also offer useful features that Firefox doesn't, like Active X.
Some exploit. (Score:3, Insightful)
Re:A crash can often lead to an overflow exploit (Score:1, Insightful)
Re:A crash can often lead to an overflow exploit (Score:3, Insightful)
While that is true, this could also be a simple null pointer dereference, caused by incomplete error handling in the code somewhere. Those sorts of failures are typically not exploitable.
Just because A implies B, does not necessarily mean that B implies A. All overflows are crashable bugs, but not all crashable bugs are overflowable.
It's easy enough to find out -- load the core file into gdb and look at the instruction that crashed. If it's a null reference, chances are this bug is no big deal.
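An added example, not code from the thread or from Mozilla, of the triage step this comment describes: a SIGSEGV handler installed with SA_SIGINFO records the faulting address (what gdb would show you as the operand of the crashing instruction), and classify_fault() applies the rule of thumb above, that a fault inside the first page is a null pointer (or a small field offset off a null pointer) and usually just a DoS, while anything else needs a closer look. The 4096-byte first-page threshold, the struct layout and the program's names are assumptions for illustration.

```c
/* Added crash-triage example; assumptions are marked in comments. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum fault_class { FAULT_NULL_DEREF, FAULT_OTHER };

/* Assumed threshold: the first page is never mapped, so a fault below it is a
 * null pointer plus a small offset (obj->field with obj == NULL). */
#define NULL_PAGE_LIMIT 4096u

enum fault_class classify_fault(uintptr_t addr) {
    return addr < NULL_PAGE_LIMIT ? FAULT_NULL_DEREF : FAULT_OTHER;
}

const char *fault_class_name(enum fault_class c) {
    return c == FAULT_NULL_DEREF ? "null-pointer dereference (likely plain DoS)"
                                 : "non-null fault address (inspect further)";
}

/* Async-signal-safe hex formatter (printf is not safe inside a handler).
 * Returns the number of hex digits written, or 0 if the buffer is too small. */
size_t format_hex(uintptr_t v, char *out, size_t cap) {
    static const char digits[] = "0123456789abcdef";
    char tmp[sizeof(uintptr_t) * 2];
    size_t n = 0;
    do { tmp[n++] = digits[v & 0xf]; v >>= 4; } while (v);
    if (n + 1 > cap) return 0;
    for (size_t i = 0; i < n; i++) out[i] = tmp[n - 1 - i];
    out[n] = '\0';
    return n;
}

/* Report the faulting address and its class, then re-raise with the default
 * disposition so the process still dumps core for gdb. */
static void segv_handler(int sig, siginfo_t *info, void *ctx) {
    (void)ctx;
    uintptr_t addr = (uintptr_t)info->si_addr;
    char hex[2 * sizeof(uintptr_t) + 1];
    const char *label = fault_class_name(classify_fault(addr));
    format_hex(addr, hex, sizeof hex);
    write(2, "fault at 0x", 11);
    write(2, hex, strlen(hex));
    write(2, " -> ", 4);
    write(2, label, strlen(label));
    write(2, "\n", 1);
    signal(sig, SIG_DFL);
    raise(sig);
}

int main(int argc, char **argv) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, NULL);
    sigaction(SIGBUS, &sa, NULL);

    if (argc > 1) {
        /* Offline mode: classify an address copied out of a crash report or gdb. */
        uintptr_t addr = (uintptr_t)strtoull(argv[1], NULL, 16);
        printf("0x%lx -> %s\n", (unsigned long)addr,
               fault_class_name(classify_fault(addr)));
        return 0;
    }

    /* Demo: read a field through a null struct pointer (assumed layout); the
     * handler reports a fault at the field's offset and classifies it. */
    struct node { int pad[8]; int value; };
    struct node *volatile n = NULL;
    volatile int v = n->value;
    (void)v;
    return 0;
}
```

Run it with no arguments to see the handler fire on a constructed null-field read, or pass a hex address (e.g. one gdb printed for a real core) to classify it without crashing anything.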
Must be joking (Score:3, Insightful)
The claim of a buffer overflow is nonsense. I suspect that that claim is a joke. The only thing that makes this mild borking work is a very long document title. In setting that up, the author uses a variable called "buffer" and "buffer2". Just because a JS variable gets named "buffer2" and gets set to something very long doesn't make this a buffer overflow. I like to think that the guy must be joking, instead of actually being that stupid.
But in the end, there is a bug to be fixed in Firefox.
CORRECTION (Score:2, Insightful)
Why focus on JavaScript? (Score:3, Insightful)
Bingo: exploited with no scripting involved at all.
Re:Only crashes? (Score:2, Insightful)
No, it doesn't mean that *necessarily*; however, there is historically a significant likelihood that such *might* be the case. The most recent IE remote arbitrary code execution exploit was formerly just a denial-of-service attack that for one reason or another never got patched, and eventually someone figured out how to exploit it in a way that allows arbitrary code to be injected and executed. There are many other examples over time of cases wherein a flaw in some program or another, when initially discovered, was only a denial-of-service (or perhaps not even proven exploitable at all) but code injection and execution developed as a later, more sophisticated exploit of the same vulnerability.
This should definitely get fixed, preferably *before* anybody discovers a way to do more malicious things than DOS with it. (And I have little doubt it will be fixed, probably quite soon, if past history is any indication of future performance.)