OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Firefox Remote Code Execution and DoS 1.5.0.2

chrissplices.org
Date: Sun Apr 23 2006 - 20:26:37 CDT


---------------------------------------------------
Software:
 Firefox Web Browser
Tested:
 Linux, Windows clients' version 1.5.0.2
Result:
 Firefox Remote Code Execution and Denial of Service - Vendor contacted, no patch yet.
Problem:
 A handling issue exists in how Firefox handles certain Javascript in js320.dll and xpcom_core.dll
regarding iframe.contentWindow.focus(). By manipulating this feature a buffer overflow will occur.
Proof of Concept:
 http://www.securident.com/vuln/ff.txt
Credits:
 splices(splices [dot] org)
 spiffomatic64(spiffomatic64 [dot] com)
 Securident Technologies (securident [dot] com)
------------------------------------------------