[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1865973b0607300111u7b850243t1bcad0ffe23ebba7@mail.gmail.com>
Date: Sun, 30 Jul 2006 01:11:15 -0700
From: "Andrew A" <gluttony@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: MATIXHASU Firefox Browser DoS/Remote Code
Execution
SYSTEMS AFFECTED:
* All versions of Mozilla Firefox 1.5 up to latest on all operating systems.
Earlier versions of Firefox and other Mozilla browsers currently unconfirmed
* Camino, Opera, MSIE and Konqueror are not affected.
OVERVIEW:
Stacking multiple CSS style attributes across span tags leads to a race
condition
which can result in denial of service or arbitrary code execution.
PROOF OF CONCEPT:
DoS proof of concept is available by Tor hidden service:
http://k5goj46pmx25dxnl.onion/lar.html
Remote code execution exploit is available with Tor hidden service
connectback shell shellcode (custom shellcode available on request) for
Linux and Windows from BanLabs. Cost is approx $4000USD plus transfer fees.
Trades accepted. Email for more info.
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists