    Firefox Exploit…

    by jaqui ·

    Code posted on a cracker’s website Tuesday

    Patch released to remove exploitable error Wednesday

    a one day patch time.

    gotta love when the real strength of OPEN SOURCE software shows even Microsoft’s BEST effort as being lacking. one tenth the time for fixing a Firefox exploit over the WMF exploit.

    full article on it, with a link to the exploit code:

    http://www.itworldcanada.com//Pages/Docbase/ViewArticle.aspx?ID=idgml-146ce53f-e8dd-45a0-a9be-6740967f873c

All Comments

    • #3093749

      Why do I learn about exploits

      by stargazerr ·

      In reply to Firefox Exploit…

      One day after I download the update?? 😀

      Coincidence??

      Thanks Jaqui

      ]:)

      • #3092069

        maybe

        by jaqui ·

        In reply to Why do I learn about exploits

        but do you spend all day reading security notices for the software you use?
        [ the only way with open source to find out about an exploit before it’s patched. ]

        You could sign up for the free newsletter from sans.org; the @Risk is a listing and description of exploits.

        it’s too long to forward it through peer contact. 🙁

        but here is a listing of the new vulnerabilities just the listing / toc

        Part II — Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

        — Windows
        06.5.1 – Microsoft Internet Explorer Flash ActionScript JScript Handling Denial of Service
        — Other Microsoft Products
        06.5.2 – Microsoft Internet Explorer ActiveX Control Kill Bit Bypass
        06.5.3 – Microsoft Internet Explorer URLMon.DLL Denial of Service
        — Third Party Windows Apps
        06.5.4 – Nullsoft Winamp Malformed Playlist File Handling Remote Buffer Overflow
        06.5.5 – Adobe Multiple Unspecified Local Privilege Escalation Vulnerabilities
        06.5.6 – MailEnable Professional EXAMINE Command Remote Denial of Service
        06.5.7 – Nullsoft Winamp Malformed Playlist File WMA Extension Remote Buffer Overflow
        — Linux
        06.5.8 – Linux Kernel Multiple Security Vulnerabilities
        06.5.9 – GIT Remote Buffer Overflow
        06.5.10 – Fcron Convert-FCronTab Local Buffer Overflow
        — BSD
        06.5.11 – FreeBSD TCP SACK Remote Denial of Service
        — Solaris
        06.5.12 – Sun Solaris Unspecified x86 64 Bit Local Denial of Service
        — Tru64
        06.5.13 – HP Tru64 DNS BIND Unspecified Remote Unauthorized Access
        — Unix
        06.5.14 – GNOME Evolution Inline XML File Attachment Buffer Overflow
        06.5.15 – MyDNS DNS Query Denial of Service
        — Cross Platform
        06.5.16 – Communigate Pro Server LDAP Denial of Service
        06.5.17 – Firefox XBL -MOZ-BINDING Property Cross-Domain Scripting
        06.5.18 – Pioneers Chat Buffer Denial of Service
        06.5.19 – Sun Grid Engine Local Privilege Escalation
        06.5.20 – Mail-Audit Insecure Temporary File Creation
        06.5.21 – AOL Client Software Unspecified Local Privilege Escalation
        06.5.22 – Autodesk Multiple Products Remote Unauthorized Access
        06.5.23 – Sun Java System Access Manager Local Authentication Bypass
        06.5.24 – Computer Associates Multiple Message Queuing Denial of Service
        06.5.25 – Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities
        — Web Application – Cross Site Scripting
        06.5.26 – PunctWeb MyCO Name Field Cross-Site Scripting
        06.5.27 – ASPThai Forums Login.ASP SQL Injection
        06.5.28 – sPaiz-Nuke Modules.PHP Cross-Site Scripting
        06.5.29 – MyBB UserCP2.PHP Referer Header HTML Injection
        06.5.30 – Nuked-klaN Index.PHP Cross-Site Scripting
        06.5.31 – Ashwebstudio Ashnews Cross-Site Scripting
        06.5.32 – MiniGal MG2 Image Gallery Name Field Cross-Site Scripting
        06.5.33 – EasyCMS Multiple Cross-Site Scripting Vulnerabilities
        06.5.34 – BrowserCRM Results.PHP Cross-Site Scripting
        06.5.35 – Cerberus Helpdesk Clients.PHP Cross-Site Scripting
        06.5.36 – phpBB Rlink Module Rlink.PHP Cross-Site Scripting
        06.5.37 – SPIP Index.PHP3 Cross-Site Scripting
        06.5.38 – Tachyondecay Vanilla Guestbook Multiple Input Validation Vulnerabilities
        06.5.39 – SoftMaker Shop Multiple Cross-Site Scripting Vulnerabilities
        06.5.40 – CyberShop Ultimate E-commerce Multiple Cross-Site Scripting Vulnerabilities
        06.5.41 – Community Server Multiple Cross-Site Scripting Vulnerabilities
        — Web Application – SQL Injection
        06.5.42 – MyBB Index.PHP Referrer Cookie SQL Injection
        06.5.43 – Invision Power Board Portal Plugin Index.PHP SQL Injection
        06.5.44 – ZixForum Multiple SQL Injection Vulnerabilities
        06.5.45 – Daffodil CRM Userlogin.ASP SQL Injection
        06.5.46 – SZUserMgnt Username Parameter SQL Injection
        06.5.47 – Calendarix Multiple SQL Injection Vulnerabilities
        06.5.48 – Symantec Sygate Management Server SMS Authentication Servlet SQL Injection
        06.5.49 – SPIP Multiple SQL Injection Vulnerabilities
        — Web Application
        06.5.50 – UebiMiau HTML Email HTML Injection
        06.5.51 – CRE Loaded Files.PHP Access Validation
        06.5.52 – PmWiki Multiple Input Validation Vulnerabilities
        06.5.53 – AshWebStudio AshNews Remote File Include
        06.5.54 – Blackboard Learning System Access Validation
        06.5.55 – FarsiNews Loginout.PHP Remote File Include
        06.5.56 – @Mail Compose.PL Directory Traversal
        — Network Device
        06.5.57 – CipherTrust IronMail Remote Denial Of Service
        — Hardware
        06.5.58 – Powersave Unspecified Local Privilege Escalation