To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39155003,00.htm

Mozilla issues Firefox security warning
Your buffer overfloweth...

By Colin Barker

Published: Tuesday 13 December 2005

The Mozilla Foundation has issued a security advisory, acknowledging concerns about a potential flaw in its Firefox 1.5 browser that could cause a buffer overflow error.

However, the browser company strenuously denied in its Sunday advisory that the problem would cause any lasting damage to the application. It maintains that the glitch is very easy to fix.

The issue came to light last Wednesday, when the first exploit code for the potential vulnerability was published.

The problem occurs with extremely long history.dat files. If the history file gets larger than 10.5MB, then the system can appear to freeze. Mozilla said the system is not actually frozen but it takes time to clear the history buffer. The company said that to cure the problem, users need to clear the History archive.

Mozilla said in a statement it has "issued a security advisory on a temporary start-up unresponsiveness caused by web pages in a browser history with extremely long titles. If a user encounters this problem, the slow start can be fixed by clearing the browser history."

The problem has been given a non-critical rating by Mozilla.

Colin Barker writes for ZD Net UK