You are currently viewing a snapshot of www.mozilla.org taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to www.mozilla.org, please file a bug.



You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.5.0.1) > MFSA 2006-03

Mozilla Foundation Security Advisory 2006-03

Title: Long document title causes startup denial of service
Severity: Low
Date: February 1, 2006
Reporter: ZIPLOCK
Products: Firefox, Mozilla Suite

Fixed in: Firefox 1.5.0.1
  SeaMonkey 1.0
  Firefox 1.0.8
  Mozilla Suite 1.7.13

Description

Web pages with extremely long titles--the public demonstration had a title 2.5 million characters long--cause subsequent launches of the browser to appear to "hang" for up to a few minutes, or even crash if the computer has insufficient memory.

Once affected this condition will recur every time the browser is started until the item expires from the saved browsing history or the user deletes the file history.dat from the user profile directory.

Update (13 April 2006)
Updated versions of Firefox 1.0 and the Mozilla Suite 1.7 have been released containing this fix.

Workaround

This problem can be prevented in vulnerable versions by turning off the saving of browser history. In Firefox:

  1. Open the Options dialog from the Tools menu
  2. Select the Privacy icon
  3. In the History section set the remembered duration to 0 days

The steps for the Mozilla Suite are similar

References