The KGB Oracle
Posted By: Garal Firefox Exploit - 12/10/05 03:00 AM
Got this from another forum:

http://www.mozilla.org/security/history-title.html
http://www.thenexusvoid.com/thread.asp?forum=technews&thread=707
Posted By: Rytz Re: Firefox Exploit - 12/10/05 04:20 AM
Thanks man. Haven't run into that yet personally but thanks for the heads up.
Posted By: Ezekiel_Zane Re: Firefox Exploit - 12/11/05 06:36 AM
Thanks for the info.
Posted By: Elph Re: Firefox Exploit - 12/12/05 03:09 AM
so for those that are link clickers what is the exploit?
Posted By: Garal Re: Firefox Exploit - 12/12/05 04:38 AM
Quote:

Web pages with extremely long titles (the posted proof of concept used 2.5 million characters) can cause Mozilla Firefox and the Mozilla Suite to appear to "hang" on startup when reading the browsing history data. The browser will eventually continue normally although this can take up to several minutes on a slower computer. The unresponsive starts will continue until the item with the long title is removed from the history file or eventually expires.

We have investigated this issue and can find no basis for claims that variants of this denial-of-service attack can cause an exploitable crash, and no evidence for this claim has been offered. There does not appear to be any risk to users or their computers beyond the temporary unresponsiveness at startup.

Should the user encounter this problem the slow starts can be fixed by deleting the item from history.

© The KGB Oracle