New Firefox Security Vulnerability
Date: 12/08/05
(Mozilla) Keywords: browser, java, security, virus, linux
News of a new security vulnerability has been posted for Firefox 1.5 (my testing confirms it also affects Firefox 1.0.7) that allows for Denial of Service or potentially arbitrary code execution. It has to do with a buffer overflow in the parsing of history.dat, which stores browser history.
Basically, if you visit a malicious site using this vulnerability, the next time you try to start Firefox it will run the malicious code, which could be as minor as causing Firefox not to work (such as the Proof of Concept) or as serious as executing arbitrary code (i.e. it could install a virus or other malware). Fortunately, there is a simple workaround: just set Firefox to keep browser history for 0 (zero) days, essentially setting it not to keep history, and then restart Firefox to make the change take effect. Note that disabling JavaScript DOES NOT mitigate this vulnerability; only disabling browser history does, since that prevents the creation of history.dat. Also note that the malicious code would run each time you attempt to start Firefox, until you delete history.dat from your profile folder.
I don't believe Mozilla has announced anything about this yet, but proof of concept code is available, and I confirmed with my own testing that it works as I described on both Mac OS X and Windows, using both Firefox 1.5 and Firefox 1.0.7, meaning that all versions are probably affected (or at least all recent versions).
Here are the steps to mitigate this vulnerability until a patch is released (for Firefox 1.5):
1. Open Firefox Options (Tools->Options on Windows) or Preferences (Edit->Preferences on Linux, Firefox->Preferences on Mac OS X).
2. Choose "Privacy" from the top button bar, and choose the "History" tab.
3. Set "Remember visited pages for the last ____ days." to 0 (zero).
4. On Windows, click OK to close the Options window. On Linux or Mac, simply close the Preferences window.
5. Restart Firefox to make sure the setting takes effect.
The same steps apply to Firefox 1.0.x; it's just that the options/preferences window is different. Basically, for step 2 the "Privacy" button is on the left side button bar, and history is the top section on that pane.
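For anyone checking several machines or profiles, here is an added example (not part of the original post) that audits profile folders for the two conditions described above: history retention not set to 0, and a history.dat file still present. It assumes the setting is stored in prefs.js under the pref name browser.history_expire_days and that each profile is a sub-folder of one Profiles directory; the profile names and file contents in build_sample are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the "Remember visited pages" setting is stored in prefs.js as
# browser.history_expire_days (the pref name does not appear in the post).
EXPIRE_PREF = re.compile(
    r'user_pref\("browser\.history_expire_days",\s*(-?\d+)\);')

def audit_profile(profile: Path) -> dict:
    """Check one profile folder for the two conditions the post describes."""
    days = None  # None: pref absent from prefs.js, so history is still kept
    prefs = profile / "prefs.js"
    if prefs.is_file():
        match = EXPIRE_PREF.search(prefs.read_text(errors="replace"))
        if match:
            days = int(match.group(1))
    has_file = (profile / "history.dat").is_file()
    if days != 0:
        status = "history enabled: set retention to 0 days"
    elif has_file:
        status = "history.dat still present: review and delete"
    else:
        status = "ok"
    return {"profile": profile.name, "days": days,
            "history_dat": has_file, "status": status}

def audit_profiles(root: Path) -> list:
    """Audit every sub-folder of a Firefox 'Profiles' directory."""
    return [audit_profile(p) for p in sorted(root.iterdir()) if p.is_dir()]

def build_sample(root: Path) -> None:
    """Constructed sample data: three fake profile folders."""
    samples = {
        "aaaa.default": ('user_pref("browser.history_expire_days", 9);\n', True),
        "bbbb.work": ('user_pref("browser.history_expire_days", 0);\n', True),
        "cccc.clean": ('user_pref("browser.history_expire_days", 0);\n', False),
    }
    for name, (prefs, with_history) in samples.items():
        folder = root / name
        folder.mkdir()
        (folder / "prefs.js").write_text(prefs)
        if with_history:
            (folder / "history.dat").write_text("constructed placeholder\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        for row in audit_profiles(Path(tmp)):
            print(f'{row["profile"]:14} days={row["days"]} {row["status"]}')
```

To run it against real profiles, call audit_profiles with the path of the Profiles directory for the platform in question; the script only reads files and changes nothing.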
More details for the technically minded...
X-posted to firefoxusers
Source: http://www.livejournal.com/community/mozilla/341566.html