Firefox 1.5.0.2 Remote Code execution and DoS
-
- Posts: 4
- Joined: April 23rd, 2006, 6:21 pm
- Location: efnet
- Contact:
Firefox 1.5.0.2 Remote Code execution and DoS
---------------------------------------------------
Software:
Firefox Web Browser
Tested:
Linux, Windows clients' version 1.5.0.2
Result:
Firefox Remote Code Execution and Denial of Service
Problem:
A handling issue exists in how Firefox handles certain Javascript in js320.dll and xpcom_core.dll
regarding iframe.contentWindow.focus(). By manipulating this feature a buffer overflow will occur.
Proof of Concept:
http://www.securident.com/vuln/ff.txt
Credits:
splices(splices [dot] org)
spiffomatic64(spiffomatic64 [dot] com)
Securident Technologies (securident [dot] com)
------------------------------------------------
-
- Posts: 2379
- Joined: November 19th, 2002, 5:37 pm
splices, did you file this bug in bugzilla?
edit:
Oh wait, this is more or less https://bugzilla.mozilla.org/show_bug.cgi?id=334515 , I think.
-
- Posts: 4
- Joined: April 23rd, 2006, 6:21 pm
- Location: efnet
- Contact:
- danv
- Posts: 6
- Joined: January 19th, 2005, 2:38 pm
- Location: Santa Cruz, California
Vendor notified where?
"Vendor notified"? (from the vuln page). This is a fan site, did you actually send this to anyone at the Mozilla Foundation? (e.g. security@mozilla.org, bugzilla bug filed with the "this is a security bug" checkbox checked, etc)
-
- Posts: 788
- Joined: March 12th, 2005, 2:05 pm
Now here is something you don't see every day. Vuln researchers who use flash and loud background music on their website.
www.securident.com
"Life is a struggle, not against sin, not against the Money Power, not against malicious animal magnetism, but against hydrogen ions."
- HL MENCKEN
- trolly
- Moderator
- Posts: 39851
- Joined: August 22nd, 2005, 7:25 am
Tested and checked callstack. This looks very like https://bugzilla.mozilla.org/show_bug.cgi?id=334515
This bug was opened on 18-04 so it is approx one week old.
-
- Posts: 175
- Joined: February 5th, 2004, 8:46 am
Oscar the Prophet wrote: Now here is something you don't see every day. Vuln researchers who use flash and loud background music on their website.
I wonder why it's called securident. I knocked it on the head after clicking to get rid of the intro and waiting enough time for any reasonable site to open no matter how secure.
-
- Posts: 4
- Joined: July 29th, 2006, 4:51 pm
Question about the Security Advisory for this
http://www.mozilla.org/security/announc ... 06-30.html says:
"Older clients, including Firefox 1.0.x and the Mozilla Suite 1.7.x, are not affected."
I just tried out the demonstration on
http://browserfun.blogspot.com/2006/07/ ... nmode.html
and it crashes the Mozilla Suite.
System Information:
Win 2000
Mozilla 1.7.12
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915
So, it seems as if the Security Advisory is not correct. What do I do with that information now?
May the fox set the world on fire.
- trolly
- Moderator
- Posts: 39851
- Joined: August 22nd, 2005, 7:25 am
You could write to the publisher that you think that older versions are also affected.
Think for yourself. Otherwise you have to believe what other people tell you.
A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve.
Constitution says: One man, one vote. Supreme court says: One dollar, one vote.
-
- Posts: 4
- Joined: July 29th, 2006, 4:51 pm
- trolly
- Moderator
- Posts: 39851
- Joined: August 22nd, 2005, 7:25 am
http://www.metasploit.com/
Copyright © 2003-2006 Metasploit LLC
Metasploit ™ is a registered trademark
Contact us at msfdev[at]metasploit.com
Think for yourself. Otherwise you have to believe what other people tell you.
A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve.
Constitution says: One man, one vote. Supreme court says: One dollar, one vote.
-
- Posts: 6
- Joined: July 31st, 2006, 2:33 pm
-
- Posts: 4
- Joined: July 29th, 2006, 4:51 pm
http://www.mozilla.org/security/announc ... 06-30.html has been updated accordingly.
May the fox set the world on fire.