Unpatched Firefox 1.5 Exploit Made Public 309
ThatGuyGreg writes "C|Net is reporting that an unpatched exploit in Firefox 1.5 has been made public, making it very easy for ne'er-do-well-sites to cause your browser to crash on startup with a single visit. Until a patch is released, it is recommended that you disable your history.dat file."
IE's execution of arbitrary code (Score:5, Interesting)
No software is perfect, but still, Firefox is clearly ahead.
1.0.7 Also vulnerable (Score:2, Interesting)
Re:Only crashes? (Score:2, Interesting)
Just because you can make a program crash, doesn't mean you can exploit it. As a matter of fact Firefox would be more dangerous if it didn't crash and kept on chuging along using corrupt data in the history.dat.
Re:IE's execution of arbitrary code (Score:2, Interesting)
I wonder... (Score:1, Interesting)
Re:Firefox history code is horrible (Score:4, Interesting)
Once you have the idea on how sucky Mozilla's history stuff is in practice, take a look at how the stuff is actually stored in history.dat. People have been rendered insane by just a single look at that stuff. Want to make sense of this format for some obscure reason? Read this [livejournal.com] and weep [jwz.org]. This stuff is just about the most insane thing I've ever seen.
I sure hope Mozilla folks get the unified storage plans together for Firefox 2.0, and use something like sqlite to store most of the user data. MorkDB format used by Mozilla is... just not elegant.
Re:FC4, 1.5 (Score:4, Interesting)