IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 1 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Security Forum / Holey Firefox!
Post #206,493
by a6l6e6x
Picture of a6l6e6x
5/8/05 12:46:07 PM
Reply
New Holey Firefox!
Disable Javascript, for now.

[link|http://www.theinquirer.net/?article=23085|the Inquirer]:
According to Secunia, these involve cross scripting attacks involving IFRAME Javascript URLs and input passed to the IconURL parameter.

The holes have been confirmed in version 1.0.3, and exploit code is publicly available, said Secunia, in its note, [link|http://secunia.com/product/4227/|here]
Alex
The trouble with the world is that the stupid are cocksure and the intelligent are full of doubt. -- Bertrand Russell
Post #206,554
by folkert
Picture of folkert
5/8/05 9:05:57 PM
Reply
New Not a real big issue for those of us
who use *NIX properly with a (non-priv'd) user.

Worst thing that can happen is a problem with the users directory.

OH and BTW
Successful exploitation requires that the site is allowed to install software (default sites are "update.mozilla.org" and "addons.mozilla.org").

A combination of vulnerability 1 and 2 can be exploited to execute arbitrary code.


There are other exploits/vulnerabilities that are this minimal as well on *NIX.

Windows this is extremely bad, the one size fits all and "open-m^Hness" that Windows is... well we know why it is a problem.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
[image|http://www.danasoft.com/vipersig.jpg||||]
Post #209,385
by andread
6/1/05 2:28:47 PM
Reply
New Re: Holey Firefox!
there is 1.04

A
Play I Some Music w/ Papa Andy
Saturday 8 PM - 11 PM ET
All Night Rewind 11 PM - 5 PM
Reggae, African and Caribbean Music
[link|http://wxxe.org|Tune In]
     Holey Firefox! - (a6l6e6x) - (2) - May 8, 2005, 12:46:07 PM EDT
         Not a real big issue for those of us - (folkert) - May 8, 2005, 09:05:57 PM EDT
         Re: Holey Firefox! - (andread) - June 1, 2005, 02:28:47 PM EDT

It would be good if people could help with the swift opening of bags that are wiggling and/or noisy.
51 ms