Mozilla Foundation Security Advisory 2006-03

Long document title causes startup denial of service

Announced
February 1, 2006
Reporter
ZIPLOCK
Impact
Low
Products
Firefox, Mozilla Suite, SeaMonkey
Fixed in
  • Firefox 1.0.8
  • Firefox 1.5.0.1
  • Mozilla Suite 1.7.13
  • SeaMonkey 1

Description

Web pages with extremely long titles--the public demonstration had a title 2.5 million characters long--cause subsequent launches of the browser to appear to "hang" for up to a few minutes, or even crash if the computer has insufficient memory.

Once affected this condition will recur every time the browser is started until the item expires from the saved browsing history or the user deletes the file history.dat from the user profile directory.

Update (13 April 2006)
Updated versions of Firefox 1.0 and the Mozilla Suite 1.7 have been released containing this fix.

Workaround

This problem can be prevented in vulnerable versions by turning off the saving of browser history. In Firefox:

  1. Open the Options dialog from the Tools menu
  2. Select the Privacy icon
  3. In the History section set the remembered duration to 0 days

The steps for the Mozilla Suite are similar

References