[ilugd] [Fwd: [Webappsec] Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug]

2007-04-12 Thread Raj Shekhar 
if you use firebug, better upgrade.

 Original Message 
Subject: [Webappsec] Firefox extensions go Evil - Critical 
Vulnerabilities in Firefox/Firebug
Date: Wed, 4 Apr 2007 20:23:41 +0100
From: pdp (architect) [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED],   WASC 
Forum [EMAIL PROTECTED], webappsec @OWASP 
[EMAIL PROTECTED]

http://www.gnucitizen.org/blog/firebug-goes-evil

There is critical vulnerability in Firefox/Firebug which allows
attackers to inject code inside the browser chrome. This can lead to a
lot of problems. Theoretically everything is possible, from modifying
the user file system to launching processes, installing ROOTKITs, you
name it.

I recommend to disable Firebug for now until the issue is fixed. The
issues is a bit critical since Firebug is one of the most popular
extensions for Firefox. Given the fact that a lot of the Firefox users
are geeks, the chances to have Firebug installed in a random Firefox
client are quite high.

I wrote two POC to demonstrate the issue. You can find them from the
page on the top of this message. The first POC runs calc.exe and
cmd.exe on windows systems. The second POC does a count down from 10
to 0 and executes calc.exe to prove that automatic execution is
possible.

-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
___
Webappsec mailing list
[EMAIL PROTECTED]
http://lists.owasp.org/mailman/listinfo/webappsec


-- 
raj shekhar
facts: http://rajshekhar.net | opinions: http://rajshekhar.net/blog
I dare do all that may become a man; Who dares do more is none.

___
ilugd mailinglist -- [EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/[EMAIL PROTECTED]/

Re: [ilugd] [Fwd: [Webappsec] Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug]

2007-04-12 Thread ­Honey ­ 
Similarly this xpi creates many vulnerability
like u might heard of www.jajah.com that provides VOIP.
but their is a an firefox extension of jajah.xpi dat's lhv easy interface
to register with any phone no  provide a plateform to Spoil any
phone 
balancehttp://honeytech.wordpress.com/2007/02/15/exploit-of-jajah-webtelephony-spoil-any-phone-balance/

reference:-
http://honeytech.wordpress.com/2007/02/15/exploit-of-jajah-webtelephony-spoil-any-phone-balance/

On 4/12/07, Raj Shekhar [EMAIL PROTECTED] wrote:

 if you use firebug, better upgrade.

  Original Message 
 Subject: [Webappsec] Firefox extensions go Evil - Critical
 Vulnerabilities in Firefox/Firebug
 Date: Wed, 4 Apr 2007 20:23:41 +0100
 From: pdp (architect) [EMAIL PROTECTED]
 To: [EMAIL PROTECTED], [EMAIL PROTECTED],
 WASC
 Forum [EMAIL PROTECTED], webappsec @OWASP
 [EMAIL PROTECTED]

 http://www.gnucitizen.org/blog/firebug-goes-evil

 There is critical vulnerability in Firefox/Firebug which allows
 attackers to inject code inside the browser chrome. This can lead to a
 lot of problems. Theoretically everything is possible, from modifying
 the user file system to launching processes, installing ROOTKITs, you
 name it.

 I recommend to disable Firebug for now until the issue is fixed. The
 issues is a bit critical since Firebug is one of the most popular
 extensions for Firefox. Given the fact that a lot of the Firefox users
 are geeks, the chances to have Firebug installed in a random Firefox
 client are quite high.

 I wrote two POC to demonstrate the issue. You can find them from the
 page on the top of this message. The first POC runs calc.exe and
 cmd.exe on windows systems. The second POC does a count down from 10
 to 0 and executes calc.exe to prove that automatic execution is
 possible.

 --
 pdp (architect) | petko d. petkov
 http://www.gnucitizen.org
 ___
 Webappsec mailing list
 [EMAIL PROTECTED]
 http://lists.owasp.org/mailman/listinfo/webappsec


 --
 raj shekhar
 facts: http://rajshekhar.net | opinions: http://rajshekhar.net/blog
 I dare do all that may become a man; Who dares do more is none.

 ___
 ilugd mailinglist -- [EMAIL PROTECTED]
 http://frodo.hserus.net/mailman/listinfo/ilugd
 Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi
 http://www.mail-archive.com/[EMAIL PROTECTED]/




-- 
Honey Singh
3rd yr
RKGIT
http://honeytech.wordpress.com/
my Music Video:-
http://video.google.com/videoplay?docid=-8752423381028565635q=controlmyself
___
ilugd mailinglist -- [EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/[EMAIL PROTECTED]/