Unpatched Firefox 1.5 exploit made public

Exploit code for the latest version of open-source browser Firefox was published on Wednesday, potentially putting users at risk of a denial-of-service attack.

The exploit code takes advantage of vulnerabilities in the recently released Firefox 1.5, running on Windows XP with Service Pack 2. Firefox, which debuted over a year ago, has moved swiftly to capture 8 percent of the browser market.

The latest Firefox vulnerability exists in the history.dat file, which stores information from Web sites users have visited with the Firefox 1.5 browser, according to a posting on the Internet Storm Centre, which monitors online threats.

"If the topic of a page is crafted to be long enough, it will crash the browser each time it is started after going to such a page," according to the Internet Storm Centre posting. "Once this happens, Firefox will be unable to be started until you erase the history.dat file manually."

Packet Storm, the security group that initially published the proof-of-concept exploit code, noted that, in addition to the potential denial-of-service attack that could follow a buffer overflow, systems may also be exposed to malicious code execution.

According to the Internet Storm Centre, "Presumably, if the topic was more tightly crafted than in the proof-of-concept code, a more malicious attack could be crafted that would install malware on the machine."

The Mozilla Foundation, which released Firefox, confirmed the browser is susceptible to a denial-of-service attack if a user visits a Web site that has the exploit code. But Firefox 1.5 has yet to encounter any exploit code that would do more damage than crashing the browser or making it slow to start, said Mike Schroepfer, vice president of engineering at Mozilla.

Mozilla has not received any reports of an exploit circulating to take advantage of the history.dat flaw and will continue to investigate the severity of the vulnerability, Schroepfer said. He added that Mozilla may include a patch for the flaw in its next update cycle, which occurs every six to eight weeks, unless a more serious exploit is released before then.

Until then, Firefox users should disable their history.dat file, security experts advised.
