Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security NTBugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Firescrolling [Firefox 1.0]

from [Brian Bergin] Network Security [Permanent Link]
Subject: Re: Firescrolling [Firefox 1.0]
Date: Fri, 25 Feb 2005 11:29:16 -0500
At 03:10 25-02-05 Friday, you wrote: 
Remember my Internet Explorer "scrollbar exploit" based on http-equiv's
"What a Drag"? When will people ever learn that "unusual user interaction"
can be hidden by common tasks...

Let's combine fireflashing, firetabbing, xul and javascript to run arbitrary
code by dragging a scrollbar two times.

__Proof-of-Concept

http://www.mikx.de/firescrolling/

__Status

The exploit is based on multiple vulnerabilities:

bugzilla.mozilla.org #280664 (fireflashing)
bugzilla.mozilla.org #280056 (firetabbing)
bugzilla.mozilla.org #281807 (firescrolling)

Upgrade to Firefox 1.0.1 or disable javascript.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0527 to this issue.


Mozilla has apparently decided to delay, to the detriment of its users, the
auto-update feature of Firefox 1.0 so that getting 1.0.1 out there, unless
someone actually looks for updates manually on mozilla.org, will be delayed
several days.  These fixes have been a long time coming and to delay them
to the general user any longer is a disservice, IMHO.

I would encourage Mozilla to reconsider this delay and get the update out
there ASAP via the auto-update feature.

NOTE: Please reply to the list so others may benefit from your
thoughts.  If you're concerned it may not make it to the list, please cc:
me on the reply.

Sincerely,
Terabyte Computers, Inc.

Brian S. Bergin
President

http://www.terabyte.net

--
NTBugtraq Editor's Note:

Most viruses these days use spoofed email addresses. As such, using an 
Anti-Virus product which automatically notifies the perceived sender of a 
message it believes is infected may well cause more harm than good. Someone who 
did not actually send you a virus may receive the notification and scramble 
their support staff to find an infection which never existed in the first 
place. Suggest such notifications be disabled by whomever is responsible for 
your AV, or at least that the idea is considered.
--

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Hidden Applications and rootkits for Windows, Russ
Next by Date:  Re: Firescrolling [Firefox 1.0], Russ
Previous by Thread:  [Full-Disclosure] Firescrolling [Firefox 1.0], mikx
Next by Thread:  Outlook exploit, Paul Wobbe
Indexes:  [Date] [Thread] [Top] [All Lists]