[ news_security_news ]
Firefox Hates Long URLS
John Stith
Staff Writer
2005-12-13
 Insider Reports RSS Feed
The kids at Mozilla say they've got a problem with long URLs in the Firefox 1.5, the latest release of the up and coming browser. Sites with long domain names make it seem like the computer has crashed.
Firefox issued a security advisory on Sunday although they don't really feel the problem makes them vulnerable to attacks. Mozilla suggested this problem could generate a buffer overflow error but didn't think it would cause any long-term problems and they ruled out denial-of-service attacks. The way to fix the problem is to clear out the data history and get rid of the address entirely.
The problem they call "Long-title temporary unresponsiveness startup" is generally a problem in only certain cases. They stated on their site that the posted proof of concept used 2.5 million. The only real reason for something that long would be to overload the buffer. Mozilla said they've looked into this issue though and found no problems:
"We have investigated this issue and can find no basis for claims that variants of this denial-of-service attack can cause an exploitable crash, and no evidence for this claim has been offered. There does not appear to be any risk to users or their computers beyond the temporary unresponsiveness at startup."
The issue though is when Firefox gets hit, it's usually because of buffer overflow problems. Generally, the vulnerabilities in the system are found there and based on this information, Mozilla seems to not have fully corrected the problem.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
