On Fri, 2007-07-27 at 14:56 -0500, Nate McFeters wrote:
> Relax it back man, it's almost time for Vegas... don't take every
> joking email you get so seriously, it could be bad for your health in
> the long run.
What happens in Vegas, stays in Vegas. Unless you tell me about it.
--
This email m
It was a joke Waldo, relax man. Geez people take life to seriously. If you
noted the smiley face I put at the end of your PGP Key, you would see that I
was trying to clue you into the joke myself. As for the rest, it seems like
that is a coment for Mozilla and not for me; however, you original e
Hi Nate:
On 7/25/07, Nate McFeters <[EMAIL PROTECTED] > wrote:
>
> Hey Waldo,
>
> As always with exploits, it's difficult to predict how they will
> interact in every environment they may be accessed in.
No is not with the exploit. I actually haven't tried it. In fact I'm a
little outdated (and
Hey Waldo,
As always with exploits, it's difficult to predict how they will
interact in every environment they may be accessed in. If you have
launch external URI's on by default, the tab issue will come up;
however, the exploit should still occur. I'd recommend turning off
the launch external U
Well I hope the next version won't open 45 internet explorers when I click
the mailto URLs. And that when you download something you don't have the
save button enabled by default (and with that delay to avoid return hits
security things) It should have enabled by default the cancel button.
Instead
Check out our blog on xs-sniper.com. There's more info there. This
flaw does somewhat depend upon what you have installed, as is
referenced on our blog page. Keep in mind that the URI's are tied to
commands thru the registry, and that those commands are where the
command injections go. If you h
works like a charm :) ?
On 7/25/07, Mesut EREN <[EMAIL PROTECTED]> wrote:
>
>
>
> Hi all,
>
> FF 2.0.0.5 new remote code Execution vulnerability, I tested FF 2.0.0.5. But
> don't work is code.
>
> Example code is
>
> mailto:%00%00../../../../../../windows/system32/cmd".exe
> ../../../../../../../.
On Wed, 25 Jul 2007 11:38:57 +0300, Mesut EREN said:
> Example code is
mailto:%00%00../../../../../../windows/system32/cmd";>
nntp:%00%00../../../../../../windows/system32/cmd";>
What did you *expect* each of these to do, and what actually happened?
(And it's totally unclear what your '- blah.b
Hi all,
FF 2.0.0.5 new remote code Execution vulnerability, I tested FF 2.0.0.5. But
don't work is code.
Example code is
mailto:%00%00../../../../../../windows/system32/cmd".exe
../../../../../../../../windows/system32/calc.exe " - " blah.bat
nntp:%00%00../../../../../../windows/system32/cmd".