

Firefox Exploit...

By Jaqui
Code posted on a cracker's website Tuesday

Patch released to remove exploitable error Wednesday

a one day patch time.

gotta love when the real strength of OPEN SOURCE software shows even Microsoft's BEST effort as being lacking. one tenth the time for fixing a Firefox exploit over the WMF exploit.

full article on it, with a link to the exploit code:


Why do I learn about exploits

by stargazerr In reply to Firefox Exploit...

One day after I download the update??

Coincidence?? <taps finger on chin and wonders>

Thanks Jaqui



by Jaqui In reply to Why do I learn about expl ...

but do you spend all day reading security notices for the software you use?
[ the only way with open source to find out about an exploit before it's patched. ]

You could sign up for free newsletter from the @Risk is a listing and description of exploits.

it's too long to forward it through peer contact.

but here is a listing of the new vulnerabilities just the listing / toc

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (

-- Windows
06.5.1 - Microsoft Internet Explorer Flash ActionScript JScript Handling Denial of Service
-- Other Microsoft Products
06.5.2 - Microsoft Internet Explorer ActiveX Control Kill Bit Bypass
06.5.3 - Microsoft Internet Explorer URLMon.DLL Denial of Service
-- Third Party Windows Apps
06.5.4 - Nullsoft Winamp Malformed Playlist File Handling Remote Buffer Overflow
06.5.5 - Adobe Multiple Unspecified Local Privilege Escalation Vulnerabilities
06.5.6 - MailEnable Professional EXAMINE Command Remote Denial of Service
06.5.7 - Nullsoft Winamp Malformed Playlist File WMA Extension Remote Buffer Overflow
-- Linux
06.5.8 - Linux Kernel Multiple Security Vulnerabilities
06.5.9 - GIT Remote Buffer Overflow
06.5.10 - Fcron Convert-FCronTab Local Buffer Overflow
-- BSD
06.5.11 - FreeBSD TCP SACK Remote Denial of Service
-- Solaris
06.5.12 - Sun Solaris Unspecified x86 64 Bit Local Denial of Service
-- Tru64
06.5.13 - HP Tru64 DNS BIND Unspecified Remote Unauthorized Access
-- Unix
06.5.14 - GNOME Evolution Inline XML File Attachment Buffer Overflow
06.5.15 - MyDNS DNS Query Denial of Service
-- Cross Platform
06.5.16 - Communigate Pro Server LDAP Denial of Service
06.5.17 - Firefox XBL -MOZ-BINDING Property Cross-Domain Scripting
06.5.18 - Pioneers Chat Buffer Denial of Service
06.5.19 - Sun Grid Engine Local Privilege Escalation
06.5.20 - Mail-Audit Insecure Temporary File Creation
06.5.21 - AOL Client Software Unspecified Local Privilege Escalation
06.5.22 - Autodesk Multiple Products Remote Unauthorized Access
06.5.23 - Sun Java System Access Manager Local Authentication Bypass
06.5.24 - Computer Associates Multiple Message Queuing Denial of Service
06.5.25 - Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities
-- Web Application - Cross Site Scripting
06.5.26 - PunctWeb MyCO Name Field Cross-Site Scripting
06.5.27 - ASPThai Forums Login.ASP SQL Injection
06.5.28 - sPaiz-Nuke Modules.PHP Cross-Site Scripting
06.5.29 - MyBB UserCP2.PHP Referer Header HTML Injection
06.5.30 - Nuked-klaN Index.PHP Cross-Site Scripting
06.5.31 - Ashwebstudio Ashnews Cross-Site Scripting
06.5.32 - MiniGal MG2 Image Gallery Name Field Cross-Site Scripting
06.5.33 - EasyCMS Multiple Cross-Site Scripting Vulnerabilities
06.5.34 - BrowserCRM Results.PHP Cross-Site Scripting
06.5.35 - Cerberus Helpdesk Clients.PHP Cross-Site Scripting
06.5.36 - phpBB Rlink Module Rlink.PHP Cross-Site Scripting
06.5.37 - SPIP Index.PHP3 Cross-Site Scripting
06.5.38 - Tachyondecay Vanilla Guestbook Multiple Input Validation Vulnerabilities
06.5.39 - SoftMaker Shop Multiple Cross-Site Scripting Vulnerabilities
06.5.40 - CyberShop Ultimate E-commerce Multiple Cross-Site Scripting Vulnerabilities
06.5.41 - Community Server Multiple Cross-Site Scripting Vulnerabilities
-- Web Application - SQL Injection
06.5.42 - MyBB Index.PHP Referrer Cookie SQL Injection
06.5.43 - Invision Power Board Portal Plugin Index.PHP SQL Injection
06.5.44 - ZixForum Multiple SQL Injection Vulnerabilities
06.5.45 - Daffodil CRM Userlogin.ASP SQL Injection
06.5.46 - SZUserMgnt Username Parameter SQL Injection
06.5.47 - Calendarix Multiple SQL Injection Vulnerabilities
06.5.48 - Symantec Sygate Management Server SMS Authentication Servlet SQL Injection
06.5.49 - SPIP Multiple SQL Injection Vulnerabilities
-- Web Application
06.5.50 - UebiMiau HTML Email HTML Injection
06.5.51 - CRE Loaded Files.PHP Access Validation
06.5.52 - PmWiki Multiple Input Validation Vulnerabilities
06.5.53 - AshWebStudio AshNews Remote File Include
06.5.54 - Blackboard Learning System Access Validation
06.5.55 - FarsiNews Loginout.PHP Remote File Include
06.5.56 - @Mail Compose.PL Directory Traversal
-- Network Device
06.5.57 - CipherTrust IronMail Remote Denial Of Service
-- Hardware
06.5.58 - Powersave Unspecified Local Privilege Escalation
