|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-disclosure] MATIXHASU Firefox Browser DoS/Remote Code Execution
From: Andrew A (gluttony
gmail.com)
Date: Sun Jul 30 2006 - 03:11:15 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
SYSTEMS AFFECTED:
* All versions of Mozilla Firefox 1.5 up to latest on all operating systems.
Earlier versions of Firefox and other Mozilla browsers currently unconfirmed
* Camino, Opera, MSIE and Konqueror are not affected.
OVERVIEW:
Stacking multiple CSS style attributes across span tags leads to a race
condition
which can result in denial of service or arbitrary code execution.
PROOF OF CONCEPT:
DoS proof of concept is available by Tor hidden service:
http://k5goj46pmx25dxnl.onion/lar.html
Remote code execution exploit is available with Tor hidden service
connectback shell shellcode (custom shellcode available on request) for
Linux and Windows from BanLabs. Cost is approx $4000USD plus transfer fees.
Trades accepted. Email for more info.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]