Full Disclosure mailing list archives
MATIXHASU Firefox Browser DoS/Remote Code Execution
From: "Andrew A" <gluttony () gmail com>
Date: Sun, 30 Jul 2006 01:11:15 -0700
SYSTEMS AFFECTED: * All versions of Mozilla Firefox 1.5 up to latest on all operating systems. Earlier versions of Firefox and other Mozilla browsers currently unconfirmed * Camino, Opera, MSIE and Konqueror are not affected. OVERVIEW: Stacking multiple CSS style attributes across span tags leads to a race condition which can result in denial of service or arbitrary code execution. PROOF OF CONCEPT: DoS proof of concept is available by Tor hidden service: http://k5goj46pmx25dxnl.onion/lar.html Remote code execution exploit is available with Tor hidden service connectback shell shellcode (custom shellcode available on request) for Linux and Windows from BanLabs. Cost is approx $4000USD plus transfer fees. Trades accepted. Email for more info.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MATIXHASU Firefox Browser DoS/Remote Code Execution Andrew A (Jul 30)