[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <6905b1570704041223n52306488p18982377ac571fc@mail.gmail.com>
Date: Wed, 4 Apr 2007 20:23:41 +0100
From: "pdp (architect)" <pdp.gnucitizen@...glemail.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
"WASC Forum" <websecurity@...appsec.org>,
"webappsec @OWASP" <webappsec@...ts.owasp.org>
Subject: Firefox extensions go Evil - Critical
Vulnerabilities in Firefox/Firebug
http://www.gnucitizen.org/blog/firebug-goes-evil
There is critical vulnerability in Firefox/Firebug which allows
attackers to inject code inside the browser chrome. This can lead to a
lot of problems. Theoretically everything is possible, from modifying
the user file system to launching processes, installing ROOTKITs, you
name it.
I recommend to disable Firebug for now until the issue is fixed. The
issues is a bit critical since Firebug is one of the most popular
extensions for Firefox. Given the fact that a lot of the Firefox users
are geeks, the chances to have Firebug installed in a random Firefox
client are quite high.
I wrote two POC to demonstrate the issue. You can find them from the
page on the top of this message. The first POC runs calc.exe and
cmd.exe on windows systems. The second POC does a count down from 10
to 0 and executes calc.exe to prove that automatic execution is
possible.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists