Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Mozilla protocol abuse

from [Thor Larholm] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Mozilla protocol abuse
Date: Thu, 26 Jul 2007 03:32:15 +0200 
Since I published this report it has come to my attention that 
Thunderbird 1.5, unlike Thunderbird 2.0, has not been patched with the 
"osint" security flag. As such all Thunderbird 1.5 users are vulnerable 
against this attack and those exploits. Now would be a good time to 
upgrade to Thunderbird 2.0.

http://larholm.com/2007/07/26/thunderbird-15-has-not-been-patched-with-osint/

Regards
Thor Larholm


Thor Larholm wrote:

The Mozilla application platform currently has an unpatched input 
validation flaw which allows you to specify arbitrary command line 
arguments to any registered URL protocol handler process. Jesper 
Johansson already detailed parts of this on his blog on July 20, 
http://msinfluentials.com/blogs/jesper/. I wrote a vulnerability 
report on July 18 together with a proof-of-concept exploit that 
targeted Thunderbird 2.0.0.4.

Thunderbird 2.0.0.5 was released on July 19 and incidentally fixed 
this specific attack vector through its "osint" command line flag. It 
is now 6 days later and people should have had time to update their 
Thunderbird installations, so I have decided to publish my 
vulnerability report together with the exploits as they detail how to 
handle XPI exploitation.

The HTML version can be found at

http://larholm.com/2007/07/25/mozilla-protocol-abuse/

A ZIP file with the report and the XPI exploits can be found at

http://larholm.com/media/2007/7/mozillaprotocolabuse.zip

Cheers
Thor Larholm


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] [ GLSA 200707-11 ] MIT Kerberos 5: Arbitrary remote code execution, Raphael Marichez
Next by Date:  [ MDKSA-2007:150 ] - Updated clamav packages fix vulnerabilities, security
Previous by Thread:  Re: [Full-disclosure] Mozilla protocol abuse, Thor Larholm
Next by Thread:  [Full-disclosure] ZDI-07-044: BakBone NetVault Reporter Scheduler Heap Overflow Vulnerability, zdi-disclosures
Indexes:  [Date] [Thread] [Top] [All Lists]