The Ethical Hacker Network - Mozilla Downplays Firefox 1.5 Exploit

Home

Calendar

Certifications

Latest Additions

EH-Net Login

Welcome Guest.

Lost Password?

No account yet? Register

Who's Online
We have 64 guests and 1 member online

You are here: Home

Resources

News from the Outside World

Mozilla Downplays Firefox 1.5 Exploit

EH-Net

May 21, 2013, 09:14:46 PM

Welcome, Guest. Please login or register.
Did you miss your activation email?

News: Go back to The Ethical Hacker Network Online Magazine Home Page

Home

Help

Calendar

EH-Net > Resources > News from the Outside World (Moderator: don) > Mozilla Downplays Firefox 1.5 Exploit

Pages: [1] Go Down

« previous next »

	Author	Topic: Mozilla Downplays Firefox 1.5 Exploit (Read 3307 times)
0 Members and 1 Guest are viewing this topic.

don

Editor-In-Chief
Administrator
Hero Member

Offline

Posts: 4165

Editor-In-Chief

Mozilla Downplays Firefox 1.5 Exploit

« on: December 09, 2005, 11:57:50 AM »

A private security outfit has released a proof-of-concept exploit for a security flaw in Firefox 1.5, warning that the code can be modified to launch code execution attacks.

However, officials at the Mozilla Foundation are downplaying the threat, insisting the bug is more of an "annoyance" than a serious security vulnerability.

The exploit, which was posted on the PacketStormSecurity.org Web site, targets a buffer overflow in Firefox 1.5, the newest browser release from Mozilla.

The exploit has been confirmed on Firefox 1.5 on Windows XP SP2 (Service Pack 2) and is caused by an error in the way the open-source browser handles large history information.

A successful attacker can fill the browser's "history.dat" file with large history information by tricking a user into visiting a malicious Web site with an overly large title.

For full story:
http://www.eweek.com/article2/0,1895,1898253,00.asp

Don