Firefox 1.5 Final – Exploit & PoC : Easy Fix!

Filed under Security News, Security Programs, Windows

Today, a minor DoS (Denial of Service) exploit was released. Showing how even Firefox 1.5 Final, which was just released 11/29/05 is vulnerable to attacks. I say, “minor” for the fact that you have a choice whether or not you’re affected by this type of DoS atack or not.

PacketStorm and their research has paid off again!

Basically firefox logs all kinda of URL data in it’s history.dat file,
this little script will set a really large topic and Firefox will then
save that topic into it’s history.dat.. The next time that firefox is
opened, it will instantly crash due to a buffer overflow — this will
happen everytime until you manually delete the history.dat file — which
most users won’t figure out.

this proof of concept will only prevent someone from reopening
their browser after being exploited. DoS if you will. however, code
execution is possible with some modifcations.

Okay, so you would have to click a link or try and access a vulnerable website for this to take affect. Now, with the default installation of Firefox 1.5 Final, your browser would crash on you and when attempting to open your browser again you would experience another browser crash. Are you being hacked? No, this is an annoyance… Enough with the small talk, lets go over what needs to be done to prevent this attack and future attacks like this from affecting you! Put an end to the abuse!

Technically you have 2 options to resolve this issue:

1) You can simply open Firefox click ‘Tools’ > ‘Options’ > Select the ‘Privacy’ button and check everything (The only two that have to be checked are, ‘Browser History’ & ‘Clear private data when closing Firefox’).

Firefox Privacy

- This will clear the browser history everytime Fixfox closes. So, if you did run across this DoS attack while browsing, your browser will crash, but the data was cleared upon crashing. This isn’t the best option because you’re still losing your current searches and have been annoyed by the exploit. This is why step 2 is the only way to go…

2) A great firefox extension called, No Script offers protection over Javascripts from running on your system from untrusted sites. What this program use, is when you access a website that wants to run javascript on your system it blocks it and prompts you, giving you the option to “always allow from the site” or to “temporarily allow from the site.” So when this exploit tried to run against me, I knew I didn’t want to allow this javascript to run and continued browsing without being affected at all. Now, before you go out and get all browser happy read up on this program and get this extension installed on your computer!

No Script Logo

Download: Install this bad boy now!
More Information: What is it?

Manual removal: (example:) C:\Documents and Settings\techsec\Application Data\Mozilla\Firefox\Profiles\4rbeef38.default\history.dat

The history.dat file is 10,153 KB once code is successful ran, deleting it clears it as well.

This seems to affect previous version of Firefox also, so please be sure to protect yourself before testing the PoC on your computer!

Test Yourself: Think you’re secure? (modified script of the original from ZipLock)

4 Comments

  1. thrall says:

    It’s so easy to use the exploit. I wrote an article on my website about it. It’s rediculous. I have no idea about it crashing whenever I load up..that’s not true.

    Also the guy who wrote the original exploit made it so that you have to click a link. Well with a little code change you can have it call it by itself. And on top of that if you change the buffer settings you can make firefox hard crash and die.

  2. C Loc says:

    Please provide a fix for your “proof of concept”. You have done worse to my computer so far then anyone else.

  3. I apologize for the PoC causing problems on your computer. I provided a manual removal step for yourself and others that run into the same problem.

    In a way the PoC did it’s job, showing people that their browser isn’t secure. This is why NoScript is the best solution. Good Luck and I hope you accept my apologies for your troubles.

  4. Afro says:

    author should roght a second blog, it’s great!

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*