 - RU.LINUX ---------------------------------------------------------------------
 From : Pavel Vasilyev                       2:5020/1042.65 11 Dec 2005  12:51:14
 To : All
 Subject : Mozilla Firefox History Information Denial of Service Weakness
 -------------------------------------------------------------------------------- 
 
 
   A trifle, but an annoying one ;)
 TITLE:
 Mozilla Firefox History Information Denial of Service Weakness
 
 CRITICAL:
 Not critical
 
 IMPACT:
 DoS
 
 WHERE:
 From remote
 
 SOFTWARE:
 Mozilla Firefox 1.x
 
 DESCRIPTION:
 ZIPLOCK has discovered a weakness in Mozilla Firefox, which can be
 exploited by malicious people to cause a DoS (Denial of Service).
 
 The weakness is caused due to an error in the handling of large
 history information. This can be exploited to fill the history file
 "history.dat" with large history information by tricking a user into
 visiting a malicious web site with an overly large title (e.g. set
 via JavaScript).
 
 Successful exploitation causes the browser to consume a large amount
 of CPU and memory resources on a vulnerable system when the affected
 browser is started up again after an attack. Users may have to remove
 the "history.dat" file in order to be able to use the affected
 browser.
 
 The weakness has been confirmed in version 1.5. Other versions may
 also be affected.
 
 SOLUTION:
 Configure Firefox to clear history information when closing the
 browser. This affects functionality.
 Tools -> Options... --> Privacy --> Settings...
 
 PROVIDED AND/OR DISCOVERED BY:
 ZIPLOCK
 
 ----------------------------------------------------------------------
  Memento morri All!
 --- GoldED+ 1.1.5 (Linux 2.6.14.3 i686)
  * Origin: Windows 3.1/95/98/ME/XP/NT/2000/2003 Rulezzz !!! (2:5020/1042.65)
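
The recovery step the advisory mentions (removing "history.dat" so the browser can start again) can be scripted. This is an added example, not part of the original message or of the advisory; the helper name `quarantine_history`, the 10 MiB default limit and the `~/.mozilla/firefox` profile location in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory: move an oversized history.dat aside
# so the browser can start with a fresh history file.
# Assumptions: the 10 MiB default limit is arbitrary (the advisory gives no
# size), and quarantine_history is a hypothetical helper name.

# quarantine_history ROOT [LIMIT_BYTES]
# Returns 0 if at least one file was moved, 1 if none exceeded the limit,
# 2 on bad arguments. Prints one line per quarantined file.
quarantine_history() {
    root=$1
    limit=${2:-10485760}
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 2; }
    case $limit in
        ''|*[!0-9]*) echo "bad limit: $limit" >&2; return 2 ;;
    esac

    # -type f ignores symlinks, so only real files inside ROOT are renamed.
    # The file is renamed, not deleted, so the history can still be examined.
    out=$(find "$root" -type f -name history.dat -exec sh -c '
        limit=$1; shift
        for f in "$@"; do
            size=$(wc -c < "$f" | tr -d " ")
            [ "$size" -gt "$limit" ] 2>/dev/null || continue
            dest="$f.oversized.$(date +%Y%m%d%H%M%S)"
            mv -- "$f" "$dest" &&
                echo "quarantined $f ($size bytes) -> $dest"
        done' sh "$limit" {} +)

    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# Run only when a directory is given, e.g. with Firefox closed:
#   sh quarantine_history.sh "$HOME/.mozilla/firefox"
if [ "$#" -gt 0 ]; then
    quarantine_history "$@"
fi
```

Run it while the browser is closed; a return code of 1 means no history file exceeded the limit.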
 
 
