Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Mozilla protocol abuse

from [bugtraq] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Mozilla protocol abuse
Date: Wed, 25 Jul 2007 15:00:44 -0400 (EDT) 
Does anyone know of a full list of Protocol handlers on the major browsers in a 
central location?

- Robert
http://www.cgisecurity.com/ Application Security news and more.

 

The Mozilla application platform currently has an unpatched input 
validation flaw which allows you to specify arbitrary command line 
arguments to any registered URL protocol handler process. Jesper 
Johansson already detailed parts of this on his blog on July 20, 
http://msinfluentials.com/blogs/jesper/. I wrote a vulnerability report 
on July 18 together with a proof-of-concept exploit that targeted 
Thunderbird 2.0.0.4.

Thunderbird 2.0.0.5 was released on July 19 and incidentally fixed this 
specific attack vector through its "osint" command line flag. It is now 
6 days later and people should have had time to update their Thunderbird 
installations, so I have decided to publish my vulnerability report 
together with the exploits as they detail how to handle XPI exploitation.

The HTML version can be found at

http://larholm.com/2007/07/25/mozilla-protocol-abuse/

A ZIP file with the report and the XPI exploits can be found at

http://larholm.com/media/2007/7/mozillaprotocolabuse.zip 


Cheers
Thor Larholm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] [ GLSA 200707-09 ] GIMP: Multiple integer overflows, Raphael Marichez
Next by Date:  [ MDKSA-2007:148 ] - Updated tcpdump packages fix BGP dissector vulnerability, security
Previous by Thread:  Re: [Full-disclosure] Mozilla protocol abuse, Nate McFeters
Next by Thread:  Re: [Full-disclosure] Mozilla protocol abuse, Thor Larholm
Indexes:  [Date] [Thread] [Top] [All Lists]