Exploit code to crash the open source Firefox browser
has surfaced on the internet. The code is designed to take
advantage of a bug in the history.dat file of the recently launched
Firefox 1.5 browser.
The history.dat file stores information from websites which the
user has visited using Firefox. Users who visit a malicious site
loaded with the code could find that their browser will crash.
The flaw has been reported by the SANS Institute’s Internet
Storm Centre, although the security implications of the flaw have
not been confirmed by the Mozilla Foundation, which distributes
Firefox.
It has been suggested by the Internet Storm Centre that the flaw
could lead to a malicious execution of code on an affected user’s
machine, but Mozilla says there is no evidence of this.
But to be able to start up their browser again, affected users
have to manually clear out their browser’s history.dat file.
