The Mozilla Foundation has issued a security advisory, acknowledging concerns about a potential flaw in its Firefox 1.5 browser.
However, the browser company strenuously denied in its Sunday advisory that the problem would cause any lasting damage to the application. It maintains that the glitch is very easy to fix.
"We have investigated this issue and can find no basis for claims that variants of this denial-of-service attack can cause an exploitable crash," Mozilla said in its advisory.
The problem occurs with extremely long history.dat files. If the history file gets larger than 10.5MB, then the system can appear to freeze. Mozilla said the system is not actually frozen, but it takes time to clear the history buffer. The company said that to cure the problem, users need to clear the History archive.
Mozilla said in a statement that it has "issued a security advisory on a temporary start-up unresponsiveness caused by Web pages in a browser history with extremely long titles. If a user encounters this problem, the slow start can be fixed by clearing the browser history."
The problem has been given a noncritical rating by Mozilla.
Or you could just configure Firefox to delete its history when you close it, along with any other private data you choose to include in its one-click clear-up that the new version now provides.
Check the settings button under any of the privacy options and you'll see how easy this is to do.
Show me an IE malware hole that is that easy to resolve..
Don't start falling behind like Microsoft and their "single" patch release cycle per month. If this issue is so easy to correct and is not a huge deal... why don't you just deploy it across the network so that the Auto Update Mechanism in Firefox 1.5 is triggered to automatically apply the update?
Waiting for another serious issue just to deploy the fix is plain dumb, IMO.
"acknowledging concerns about a potential flaw in its Firefox 1.5 browser that could cause a buffer overflow error."
Factually incorrect, Mr. Colin Barker.
Here is what Mozilla has said:
We have investigated this issue and can find no basis for claims that variants of this denial-of-service attack can cause an exploitable crash, and no evidence for this claim has been offered. There does not appear to be any risk to users or their computers beyond the temporary unresponsiveness at startup.
One minor problem with FF1.5 upon release! How many do you think IE7 will have? And how many months to get IE7's holes fixed vs. days or hours to fix FF holes? Biggest "headache" with new FF release is the extensions not always being compatible.
The history is very convenient, sometimes much more so than bookmarks. Oft visited sites require two or three characters entered in location to expand and browse. The REAL SOLUTION would be to release history.dat management software to prune lesser used URLs, and retain the oft visited sites! How many years have we gone without a history management option? How many thousands of users pine for this feature? Zeroing the file is like nailing a trembling hand to the kitchen table. It appears to stop the tremors but...
http://www.mozilla.org/security/history-title.html