Firefox/Mozilla/Netscape exploit code
"Mozilla/Firefox/Netscape Browsers IDN URI Buffer Overflow
Description: Exploit code has been publicly posted for the IDN URI
buffer overflow in Mozilla, Firefox and Netscape browsers"
Exploit Code
http://www.frsirt.com/exploits/20050922.PwnZilla.php
This exploit was reported last week, the code was released this week.
but not to worry:
"
FireFox, Mozilla and Thunderbird Remote Command Injection
Affected:
On UNIX platforms:
Mozilla Firefox 1.0.6 and prior
Mozilla Suite 1.7.11 and prior
Thunderbird 1.0.6 and prior
Description: This vulnerability in Mozilla/FireFox browsers and
Thunderbird email client can be exploited to execute arbitrary commands
on UNIX systems. The problem occurs when a URL containing "backtick" is
passed as an argument to Mozilla, Firefox or Thunderbird. For instance,
issuing a command "firefox http://local\`ls`\" will result in the
execution of the 'ls' command. Systems using Mozilla/Firefox as default
browsers and Thunderbird as default email client are at a higher risk
as visiting a malicious webpage may result in the execution of attacker
specified commands.
Status: Updates have been released to address this issue for Mozilla and Firefox.
"
Mozilla Bugzilla Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=307185
Secunia Advisory (discovered by Peter Zelezny)
http://secunia.com/advisories/16869
SecurityFocus BID
http://www.securityfocus.com/bid/14888
one week, patched, and released.
exploit code posted after patch released.
and all within the 60 day time limit.
more egg on the faces of proprietary software vendors?
( in my opinion, yes. )
just figured that this would be of interest to those that followed this:
http://techrepublic.com.com/5208-11193-0.html?forumID=4&threadID=180733&messageID=1842098
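
The backtick behaviour described in the quoted advisory, as an added example that is not part of the original post and is not Mozilla's launcher code. It assumes the cause is a script that re-parses the URL as shell text; `handler`, `launch_unsafe`, `launch_safe` and `url_is_clean` are hypothetical names, and the sample URL is constructed with a harmless `echo`.

```shell
#!/bin/sh
# Added illustration; handler, launch_unsafe, launch_safe and url_is_clean
# are hypothetical names, not taken from any Mozilla script.

# Stand-in for the browser binary: reports the single argument it received.
handler() {
    printf 'handler got: %s\n' "$1"
}

# Vulnerable pattern (assumed cause): the URL is pasted into a command
# string and parsed a second time, so `...` inside it is executed.
launch_unsafe() {
    eval "handler $1"
}

# Hardened pattern: the URL stays one quoted argument and is never re-parsed.
launch_safe() {
    handler "$1"
}

# Defence in depth: refuse characters that RFC 3986 does not allow
# unencoded in a URI; the backtick is one of them.
url_is_clean() {
    case $1 in
        *'`'* | *'"'* | *'<'* | *'>'* | *'\'* | *'|'* | *'^'* | *'{'* | *'}'*) return 1 ;;
        *[[:space:]]*) return 1 ;;
    esac
    return 0
}

# Constructed sample modelled on the advisory's example, with a harmless echo.
url='http://local`echo INJECTED`'
launch_unsafe "$url"
launch_safe "$url"
url_is_clean "$url" || printf 'rejected: %s\n' "$url"
```

Quoting the argument is the actual fix; the character check only narrows what reaches the handler and does not replace it.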