Clint, and others, this is a strange bug as it is caused by the use of
an extremely long page title somewhere in the neighborhood of a 1000
characters long. This seems a little extreme, say 1 in a million :) Such
is the reason Secunia only gave it "Not critical".
Just my 2 cents.
Peter Kaulback
Support-OrpheusComputing.com wrote:
Wow. There's got a be another way other than disabling your
history!
-Clint
TITLE:
Mozilla Firefox History Information Denial of Service Weakness
SECUNIA ADVISORY ID:
SA17934
VERIFY ADVISORY:
http://secunia.com/advisories/17934/
CRITICAL:
Not critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
Mozilla Firefox 1.x
http://secunia.com/product/4227/
DESCRIPTION:
A weakness in Mozilla Firefox, which can be exploited by
malicious people to cause a DoS (Denial of Service).
The weakness is caused due to an error in the
handling of large history information. This can be
exploited to fill the history file "history.dat" with l
arge history information by tricking a user into
visiting a malicious web site with an overly large
title (e.g. set via JavaScript).
Successful exploitation causes the browser to
consume a large amount of CPU and memory
resources on a vulnerable system when the affected
browser is started up again after an attack. Users
may have to remove the "history.dat" file in order
to be able to use the affected browser.
The weakness has been confirmed in version 1.5.
Other versions may also be affected.
SOLUTION:
Configure Firefox to clear history information when
closing the browser. This affects functionality.
Tools -> Options... --> Privacy --> Settings...
--
--
I haven't failed, I've found 10,000 ways that don't work.
Thomas Edison (1847-1931)
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
