[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] MATIXHASU Firefox Browser DoS/Remote Code Execution

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] MATIXHASU Firefox Browser DoS/Remote Code Execution
From: "Andrew A" <gluttony@xxxxxxxxx>
Date: Sun, 30 Jul 2006 01:11:15 -0700

SYSTEMS AFFECTED:

* All versions of Mozilla Firefox 1.5 up to latest on all operating systems.
Earlier versions of Firefox and other Mozilla browsers currently unconfirmed
* Camino, Opera, MSIE and Konqueror are not affected.

OVERVIEW:
Stacking multiple CSS style attributes across span tags leads to a race
condition
which can result in denial of service or arbitrary code execution.

PROOF OF CONCEPT:

DoS proof of concept is available by Tor hidden service:
http://k5goj46pmx25dxnl.onion/lar.html
Remote code execution exploit is available with Tor hidden service
connectback shell shellcode (custom shellcode available on request) for
Linux and Windows from BanLabs. Cost is approx $4000USD plus transfer fees.
Trades accepted. Email for more info.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] X-Statics 1.20 SQL Injection Vulnerability
Next by Date: [Full-disclosure] mitigating botnet C&Cs has become useless
Previous by thread: [Full-disclosure] X-Statics 1.20 SQL Injection Vulnerability
Next by thread: [Full-disclosure] mitigating botnet C&Cs has become useless
Index(es):
- Date
- Thread