
Reported by one newsletter as “Firefox Subject to DoS Attack”, it’s really not that big of a deal (at least at this juncture, but one is never complacent in the security business).

Firefox has a vulnerability where hugely long URLs (and I do mean huge) cause it to slow down. Part of the problem is that the slowdown continues as long as you have the mega URL in Firefox’s history.

The Mozilla folks have investigated it and they believe there’s no evidence that a DoS scenario using this long URL vulnerability could result in a security issue.

Web pages with extremely long titles (the posted proof of concept used 2.5 million characters) can cause Mozilla Firefox and the Mozilla Suite to appear to “hang” on startup when reading the browsing history data. The browser will eventually continue normally although this can take up to several minutes on a slower computer. The unresponsive starts will continue until the item with the long title is removed from the history file or eventually expires.

We have investigated this issue and can find no basis for claims that variants of this denial-of-service attack can cause an exploitable crash, and no evidence for this claim has been offered. There does not appear to be any risk to users or their computers beyond the temporary unresponsiveness at startup.

Should the user encounter this problem, the slow starts can be fixed by deleting the item from history.

Link here.

 

Alex Eckelberry