Long-title temporary startup unresponsiveness

Web pages with extremely long titles (the posted proof of concept used 2.5 million characters) can cause Mozilla Firefox and the Mozilla Suite to appear to "hang" on startup when reading the browsing history data. The browser will eventually continue normally although this can take up to several minutes on a slower computer. The unresponsive starts will continue until the item with the long title is removed from the history file or eventually expires.

We have investigated this issue and can find no basis for claims that variants of this denial-of-service attack can cause an exploitable crash, and no evidence for this claim has been offered. There does not appear to be any risk to users or their computers beyond the temporary unresponsiveness at startup.

Should the user encounter this problem the slow starts can be fixed by deleting the item from history.

Deleting the item from history

  1. Open History from the Go menu
  2. Select the item with the long title
  3. Press the delete button

Clearing all history data

  • In Firefox 1.5
    1. Select "Clear Private Data" from the Tools menu
    2. Check the "Browsing History" box and press the "Clear Private Data Now" button
  • In Firefox 1.0 (also works in 1.5)
    1. Select "Options" from the "Tools" menu
    2. On the "Privacy" tab select "History"
    3. Press the Clear button in the History section