14 DAY TRIAL // The Firefox 1.5 browser, which was introduced as an update that includes a number of improvements, including "significant" performance and usability upgrades, was announced today as vulnerable, due to a non-critical breach in the security system and a DoS attack could be organized by a hacker.
The vulnerability was made public a few days ago under the "proof-of-concept" label and Mozilla representatives as well as security companies thought little of it and their conclusion was that, in the worst case scenario, it should be considered more of an "annoyance" than a serious security vulnerability. A successful attacker can fill the browser's "history.dat" file with large history information by tricking a user into visiting a malicious Web site with an overly large title.
So far, Mozilla engineers have analyzed data from the browser's built-in crash reporting tool and could not find anything beyond the browser consuming a large amount of CPU and memory resources when it starts up after an attack.
Secunia labeled this problem as non critical, but recommends that Firefox 1.5 users remove the "history.dat" or configure the browser to clear history information when closing the browser. This can be done via the browser's Tools > Options > Privacy > Settings feature.