Exploit code to crash the open source Firefox browser has surfaced on the internet. The code is designed to take advantage of a bug in the history.dat file of the recently launched Firefox 1.5 browser.
The history.dat file stores information from websites which the user has visited using Firefox. Users who visit a malicious site loaded with the code could find that their browser will crash.
The flaw has been reported by the SANS Institute’s Internet Storm Centre, although the security implications of the flaw have not been confirmed by the Mozilla Foundation, which distributes Firefox.
It has been suggested by the Internet Storm Centre that the flaw could lead to a malicious execution of code on an affected user’s machine, but Mozilla says there is no evidence of this.
But to be able to start up their browser again, affected users have to manually clear out their browser’s history.dat file.