Unpatched Firefox 1.5 Exploit Made Public

ThatGuyGreg writes "C|Net is reporting that an unpatched exploit in Firefox 1.5 has been made public, making it very easy for ne'er-do-well-sites to cause your browser to crash on startup with a single visit. Until a patch is released, it is recommended that you disable your history.dat file."

IE's execution of arbitrary code

[Dreadlord]

Before someone starts saying Firefox is vulnerable to exploits just as IE, this exploits crashes the browser and only that, now compare this to IE's execution of arbitrary code [slashdot.org].

No software is perfect, but still, Firefox is clearly ahead.

1.0.7 Also vulnerable

[sheepoo]

I ran the proof of concept on my installation of 1.0.7 (WinXP SP2) and it crashed the next time I opened FF. Task Manager showed that FF was eating up the memory like crazy. I deleted the history.dat file (which was 10 MB in size!!!!!!!) and sanity returned instantly :)

Re:Only crashes?

[Da_Weasel]

lets say that some malicious code gets "injected" into memory when Firefox crashes. What are the dangers? If Firefox crashes then its not going to attempt to use that memory for anything...because...ummm....it's not running! If it's not running then it can't be tricked into doing something with this malicious chunk of memory. The only other thing that is going to be looking at that memory space is the OS, and that would likely only be concerned with reclaiming those blocks of memory for use by other processes once the Firefox process exits.

Just because you can make a program crash, doesn't mean you can exploit it. As a matter of fact Firefox would be more dangerous if it didn't crash and kept on chuging along using corrupt data in the history.dat.

Re:IE's execution of arbitrary code

[ClamIAm]

And a while back firefox had a bug (in Windows) that allowed access to a shell. Knowing the number of people that run with admin access, this is just as bad. I'm not saying FF is as bad as IE, just that bugs can be brutal. (and undescriminating)

I wonder...

[Anonymous Coward]

If there is a fix for the insane memory leak that Firefox has. After installing 1.5, it gets up to 150M usage after a couple of hours with just 3-8 tabs open. After using the same instance for about half a day or so it's at 350M and the whole OS slows down until you close it and start another one. Even IE never did that crap to me. It's a shame.

Re:Firefox history code is horrible

[WWWWolf]

Once you have the idea on how sucky Mozilla's history stuff is in practice, take a look at how the stuff is actually stored in history.dat. People have been rendered insane by just a single look at that stuff. Want to make sense of this format for some obscure reason? Read this [livejournal.com] and weep [jwz.org]. This stuff is just about the most insane thing I've ever seen.

I sure hope Mozilla folks get the unified storage plans together for Firefox 2.0, and use something like sqlite to store most of the user data. MorkDB format used by Mozilla is... just not elegant.

Re:FC4, 1.5

[FoXDie]

Go to http://www.apple.com/ipod/features.html [apple.com] and tell me if I'm the only one that has Firefox crash from that page without fail, since the upgrade to 1.5