December 12, 2005 4:44 PM PST
Mozilla issues Firefox alert
- Related Stories
-
Browsers to get sturdier padlocks
December 12, 2005 -
Unpatched Firefox 1.5 exploit made public
December 8, 2005 -
IE flaw lets intruders into Google Desktop
December 2, 2005
However, the browser company strenuously denied in its Sunday advisory that the problem would cause any lasting damage to the application. It maintains that the glitch is very easy to fix.
"We have investigated this issue and can find no basis for claims that variants of this denial-of-service attack can cause an exploitable crash," Mozilla said in its advisory.
The issue came to light last Wednesday, when the first exploit code for the potential vulnerability was published.
The problem occurs with extremely long history.dat files. If the history file gets larger than 10.5MB, then the system can appear to freeze. Mozilla said the system is not actually frozen, but it takes time to clear the history buffer. The company said that to cure the problem, users need to clear the History archive.
Mozilla said in a statement that it has "issued a security advisory on a temporary start-up unresponsiveness caused by Web pages in a browser history with extremely long titles. If a user encounters this problem, the slow start can be fixed by clearing the browser history."
The problem has been given a noncritical rating by Mozilla.
Colin Barker of ZDNet UK reported from London.
13 comments
Join the conversation! Add your comment (Log in or register)
Check the settings button under any of the privacy options and you'll see how easy this is to do.
Show me an IE malware hole that is that easy to resolve..
Waiting for another serious issue just to deploy the fix is plain dumb, IMO.
Factually incorrect, Mr. Colin Barker.
Here is what Mozilla has said:
We have investigated this issue and can find no basis for claims that variants of this denial-of-service attack can cause an exploitable crash, and no evidence for this claim has been offered. There does not appear to be any risk to users or their computers beyond the temporary unresponsiveness at startup.
<a class="jive-link-external" href="http://www.mozilla.org/security/history-title.html" target="_newWindow">http://www.mozilla.org/security/history-title.html</a>