Mozilla fault declared non-critical

By Alun Williams

Posted on 12 Dec 2005 at 16:39

The open source Mozilla organisation has issued a security advisory regarding the Firefox browser and the Mozilla Internet Suite.

It relates to 'a temporary startup unresponsiveness caused by web pages in browser history with extremely long titles', declares mozillaZine.

Initially reported as a critical vulnerability, Secunia has issued a security advisory, which has a non-critical rating (reported by ZIPLOCK ) and makes no mention of an exploitable crash. The weakness has been confirmed in version 1.5 of Firefox. Other versions may also be affected, states Secunia.

Successful exploitation of the weakness - getting the user to visit a malicious website with an overly long title - will cause the browser to consume a large amount of CPU and memory resources, according to Secunia.

Essentially, the software will appear to 'hang' on startup, for up to a few minutes on slower machines, which is when it is reading the browsing history data. 'The unresponsive starts will continue until the item with the long title is removed from the history file or eventually expires,' reads Mozilla's warning.

If a user encounters the problem the slow starts can be fixed by simply clearing the browser history, states mozillaZine.