MATIXHASU Firefox Browser DoS/Remote Code Execution

["Andrew A" <gluttony () gmail com>]

SYSTEMS AFFECTED:

* All versions of Mozilla Firefox 1.5 up to latest on all operating systems.
Earlier versions of Firefox and other Mozilla browsers currently unconfirmed
* Camino, Opera, MSIE and Konqueror are not affected.

OVERVIEW:
Stacking multiple CSS style attributes across span tags leads to a race
condition
which can result in denial of service or arbitrary code execution.

PROOF OF CONCEPT:

DoS proof of concept is available by Tor hidden service:
http://k5goj46pmx25dxnl.onion/lar.html
Remote code execution exploit is available with Tor hidden service
connectback shell shellcode (custom shellcode available on request) for
Linux and Windows from BanLabs. Cost is approx $4000USD plus transfer fees.
Trades accepted. Email for more info.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/