Packetstorm Security has released proof of concept code that causes a buffer overflow and denial of service on the Firefox browser. Long and short of it is, history.dat stores various pieces of information on websites you've visited.
Gut feeling says this'll turn into a code execution exploit.
Response time for this kind of flaw is generally pretty good, but I feel the Fx dev's have quite a lot to learn when it comes to distributing fixes. Let's hope the new update system in 1.5 works as it's supposed to.
I'm having trouble understanding the chatter among the developers at Firefox/Mozilla but it goes something like this.
1) The demonstrated code from packetstorm does NOT crash FF or exploit vulnerability as claimed. It only slows FF down but it would require an incredibly large download to make this happen (assuming it's even possible).
2) There is some question as to whether this 'vulnerability' actually exists. Some can't even reproduce the problem. Others are questioning if this is even a Firefox bug. (This is the part I had the most trouble understanding the back and forth between developers).
3) There is one easy workaround that a user can do to disable the potential problem, if it really exists. There are two working patches for the slowing down bug already submitted as of noon 12/8 (today).
In fact, from packetstorm themselves: "Ullrich, however, said while the potential may exist, it has not been proven either way that malicious code could be executed."
And, from Firefox: "Mozilla Foundation, which released Firefox, said it was not able to confirm the browser would crash or be at risk of a DOS attack, after visiting certain Web sites. And Mozilla has not received any reports from users of such a problem..."
Not a vulnerability at all, just a simple bug which could make Firefox crash. The announcement seems to be riding on the hype over the FF1.5 release more than anything - there is very little substance to the claims.