A few days ago, ZIPL0CK disclosed a new Denial of Service vulnerability in Firefox. By creating a huge web page title, which fills the history.dat file with large content, an attacker can make Firefox hang for some time (depending on the content size and the user's system) the next time the user tries to use the browser.
Today, the Mozilla Foundation published an advisory, claiming this issue is not so serious, and that the unresponsiveness of the browser is only "temporary". This is true for the Proof-of-Concept exploit, and for people with strong computers. But by modifying the PoC, an attacker can easily produce a humongous history.dat file which will cause Firefox to hang (with 100% CPU utilization) for a LONG LONG time. So long, that most users will not wait just to delete the history as suggested by the Mozilla Foundation in the advisory. The right workaround would be to delete the history.dat file. Moreover, the Mozilla Foundation should acknowledge this problem as more severe, and address it as soon as possible.
This reminds me of the last time Mozilla underestimated a vulnerability. I've also posted this issue to Full-Disclosure, but have yet to receive a response from Mozilla.
I think it's been enough time for people to upgrade from v1.0.4 of Firefox. So, here is the PoC exploit for the InstallVersion.compareTo() vulnerability. The PoC does nothing but return (this can be easily replaced with shellcode), and it uses SkyLined's InternetExploiter2 methodology to inject code into the heap.
[UPDATE:] Apparently, the Mozilla team has removed access to the InstallVersion.compareTo() bug report page. I hope this means they will finally set the severity of this security hole in the advisory to higher than just 'Moderate'.
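The history.dat workaround described above, as an added example that is not part of the original post: a script that walks a Firefox profiles directory, finds any history.dat over a size limit, and renames it aside so the browser no longer loads it. The 5 MiB limit, the function names and the `.quarantined-` suffix are assumptions made for illustration; run it with Firefox closed.

```python
import os
import sys
import time

# Assumed threshold: the post gives no size, so 5 MiB is a constructed default.
DEFAULT_LIMIT = 5 * 1024 * 1024


def find_oversized_history(profiles_root, limit=DEFAULT_LIMIT):
    """Return [(path, size)] for each history.dat under profiles_root above limit."""
    hits = []
    for dirpath, _dirs, files in os.walk(profiles_root):
        if "history.dat" in files:
            path = os.path.join(dirpath, "history.dat")
            size = os.path.getsize(path)
            if size > limit:
                hits.append((path, size))
    return sorted(hits)


def quarantine(path):
    """Rename the file aside instead of deleting it, so it can be inspected later."""
    target = "%s.quarantined-%d" % (path, int(time.time()))
    os.rename(path, target)
    return target


def clean_profiles(profiles_root, limit=DEFAULT_LIMIT):
    """Quarantine every oversized history.dat and return the new file names."""
    return [quarantine(p) for p, _size in find_oversized_history(profiles_root, limit)]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: %s <firefox-profiles-directory>" % sys.argv[0])
    for moved in clean_profiles(sys.argv[1]):
        print("moved aside:", moved)
```

Renaming rather than deleting keeps the oversized file available for analysis.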
[Another Update:] Packetstorm has removed the Denial-of-Service exploit page. This PoC can be found at milw0rm.
[Last Update? :] The InstallVersion.compareTo() bug report page is open again. Unfortunately, the severity of the vulnerability in the advisory is still 'Moderate' :(.
[Last Update! :] Victory! Well, Sort Of..