Packetstorm in a teacup; Firefox still secure

By   |  December 12, 2005

The first public exploit for Mozilla Firefox 1.5 surfaced on Packetstorm last week. Initial reports that the Packetstorm hack could completely disable Firefox, however, appear grossly exaggerated.

Packetstorm’s proof-of-concept exploit has a web page set an extremely long page title (a “topic” of 2.5 million characters in Packetstorm’s example), which Firefox then records in the history.dat file in the user’s profile. The next time the browser starts it has to read that file, and parsing the oversized entry is what makes it struggle.

“Basically Firefox logs all kinds of URL data in its history.dat file. This little script will set a really large topic and Firefox will then save that topic into its history.dat. The next time that Firefox is opened, it will instantly crash due to a buffer overflow — this will happen every time until you manually delete the history.dat file — which most users won’t figure out. This proof of concept will only prevent someone from reopening their browser after being exploited. DoS if you will. However, code execution is possible with some modifications,” according to Packetstorm.

Despite Packetstorm’s initial claim that Firefox would no longer start, the hack only slows Firefox’s startup, possibly by up to a few minutes, a delay an impatient tester can easily mistake for a crash. The first sign that Packetstorm was overstating its case came from the SANS Internet Storm Center, whose handlers could not reproduce Packetstorm’s result. “The machine I was testing this on has McAfee Enterprise 8, and Firefox would not crash. Despite my valiant efforts in disabling the protection, I couldn’t get it to crash. While annoyed that I couldn’t (short of uninstalling) get the protection disabled, it probably is a good thing,” noted John Bambenek at SANS.
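The remedy in the quoted advice is to delete history.dat by hand, and the follow-up reports show the symptom is easy to misread. The script below is an added example, not code from the article, Packetstorm or Mozilla: it walks a Firefox 1.x profile directory, reports any history.dat whose size exceeds a threshold, and moves the file aside as history.dat.bak rather than deleting it, so the user can restore it if the file turns out to be legitimate. The profile root, the 1 MiB threshold, and the constructed sample profile tree (with a bloated history.dat standing in for the 2.5-million-character title) are assumptions for illustration.

```python
"""Find and quarantine an oversized Firefox 1.x history.dat.

Added example (not from the article, Packetstorm or Mozilla). Assumptions:
the profile root passed in, a 1 MiB size threshold, and the constructed
sample tree built by make_sample_profile().
"""
import os
import shutil
import sys
import tempfile
from pathlib import Path
from typing import Iterator, List, Tuple

# Assumed threshold: an ordinary history.dat is tens or hundreds of KiB,
# so anything above 1 MiB is worth a look.
DEFAULT_THRESHOLD = 1 * 1024 * 1024

# Opening line of a Mork file, the format Firefox 1.x used for history.dat.
# Used only to make the constructed sample files look like the real thing.
MORK_HEADER = b'// <!-- <mdb:mork:z v="1.4"/> -->\n'


def find_history_files(profile_root: Path) -> Iterator[Path]:
    """Yield every history.dat under profile_root (one per profile)."""
    for dirpath, _dirnames, filenames in os.walk(profile_root):
        if "history.dat" in filenames:
            yield Path(dirpath) / "history.dat"


def oversized_history_files(profile_root,
                            threshold: int = DEFAULT_THRESHOLD) -> List[Tuple[Path, int]]:
    """Return (path, size_in_bytes) for each history.dat larger than threshold."""
    hits = []
    for path in find_history_files(Path(profile_root)):
        size = path.stat().st_size
        if size > threshold:
            hits.append((path, size))
    return hits


def quarantine(path: Path) -> Path:
    """Move history.dat to history.dat.bak instead of deleting it.

    Firefox rebuilds the file on its next start; the user can move the
    .bak back if the original turns out to have been legitimate.
    """
    backup = path.with_name(path.name + ".bak")
    if backup.exists():
        backup.unlink()
    shutil.move(str(path), str(backup))
    return backup


def repair_profiles(profile_root, threshold: int = DEFAULT_THRESHOLD) -> List[Path]:
    """Quarantine every oversized history.dat; return the backup paths."""
    return [quarantine(path)
            for path, _size in oversized_history_files(profile_root, threshold)]


def make_sample_profile() -> Path:
    """Build a constructed, throw-away profile tree for demonstration.

    One profile has a normal-sized history.dat; the other has one bloated
    with 2.5 million bytes, standing in for the title the PoC stores.
    """
    root = Path(tempfile.mkdtemp(prefix="ffprofiles-"))
    normal = root / "a1b2c3d4.default"      # assumed profile name
    poisoned = root / "z9y8x7w6.poisoned"   # assumed profile name
    normal.mkdir()
    poisoned.mkdir()
    (normal / "history.dat").write_bytes(MORK_HEADER + b"A" * 4096)
    (poisoned / "history.dat").write_bytes(MORK_HEADER + b"A" * 2_500_000)
    return root


if __name__ == "__main__":
    # Usage: python history_check.py [profile_root]
    # With no argument the constructed sample tree is used.
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else make_sample_profile()
    for path, size in oversized_history_files(root):
        print(f"{path}: {size} bytes, moving to {quarantine(path)}")
```

Run it with the profile root as the only argument (on a real machine that is the directory holding the `*.default` profile folders); with no argument it demonstrates itself on the constructed sample tree. Renaming rather than deleting is the deliberate choice here: the point of the check is to recover a browser that will not start, not to lose the user's history on a guess.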

“We have investigated this issue and can find no basis for claims that variants of this denial-of-service attack can cause an exploitable crash, and no evidence for this claim has been offered. There does not appear to be any risk to users or their computers beyond the temporary unresponsiveness at startup,” says Mozilla in an official statement.

So it seems that Mozilla Firefox 1.5 remains secure, which is quite surprising considering how long it has been on the market. We sincerely hope that the next exploit discovered is a little more exciting.


