Re: Firefox 1.5 "Security"(?) bug?

Home	Messages Index

[Date Prev]	[Date Next]	[Thread Prev]	[Thread Next]

Author Index	Date Index	Thread Index

Re: Firefox 1.5 "Security"(?) bug?

Subject: Re: Firefox 1.5 "Security"(?) bug?
From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
Date: Mon, 12 Dec 2005 12:36:11 +0000
Newsgroups: comp.os.linux.advocacy
Organization: schestowitz.com / MCC / Manchester University
References: <405898F18ubf4U2@individual.net>
Reply-to: newsgroups@xxxxxxxxxxxxxxx
User-agent: KNode/0.7.2

__/ [B Gruff] on Monday 12 December 2005 12:21 \__

> I've seen this reported in umpteen places.
> 
> Now it's the Register:-
> 
> http://www.theregister.co.uk/2005/12/12/firefox_history_file_bug/
> 
> Now, however, there is a response on the Mozilla page.
> Sure, it's a bug - it can't deal properly with titles which are 2.5 million
> characters long(!), but where is this "Security bug" coming from?
> A bug - yes.  - but "Security"?:-
> 
> http://www.mozilla.org/security/history-title.html
> __________________________________________________
> Web pages with extremely long titles (the posted proof of concept used 2.5
> million characters) can cause Mozilla Firefox and the Mozilla Suite to
> appear to "hang" on startup when reading the browsing history data. The
> browser will eventually continue normally although this can take up to
> several minutes on a slower computer. The unresponsive starts will continue
> until the item with the long title is removed from the history file or
> eventually expires.
> 
> We have investigated this issue and can find no basis for claims that
> variants of this denial-of-service attack can cause an exploitable crash,
> and no evidence for this claim has been offered. There does not appear to
> be any risk to users or their computers beyond the temporary
> unresponsiveness at startup.
> 
> Should the user encounter this problem the slow starts can be fixed by
> deleting the item from history.

How  does  Internet Explorer deal with spammy sites whose titles are  over
2.5  MB in size? If someone actually bothered to wait so long for the page
to load, I'd be surprised.

2.5 million characters? Is that insufficient? Who funds the identification
of  such  unimportant bottlenecks? And what type of useless  discovery  is
that?

I  thought I was intolerant to dump Windows filesystems altogether for be-
ing  unable  to cope with paths longer than 255 characters. I hadn't  even
realise  the  cause for that until Windows developers told me.  This  also
means  that if I ever want to copy my files back to a Windows FS, I  can't
(not  trivially though). More annoyingly, Windows permits the creation  of
long paths, but refuses to deal with them over the network. How
counter-intuitive. It has similar issues with unicode in filenames.

Roy

[Date Prev]	[Date Next]	[Thread Prev]	[Thread Next]

Author Index	Date Index	Thread Index