Full Disclosure mailing list archives
Re: Found a lot of sites exploiting Firefox URI vulnerability!!! - part 2
From: Daniel Veditz <dveditz () cruzio com>
Date: Mon, 13 Aug 2007 11:09:49 -0700
carl hardwick wrote:
Found a lof of sites exploiting Firefox URI vulnerability!!!
Maybe I'm getting to these sites after they've been cleaned up, or maybe I'm just missing it, but what exactly are they exploiting and how? I don't see anything that looks like the recent announced Firefox URI problems (no firefoxurl: URIs, no %00 or double-quotes in URIs). One site did try to download a probably-malicious "codec.exe", but that was a simple "location=" trick that works on any browser (a save dialog came up). _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Found a lot of sites exploiting Firefox URI vulnerability!!! - part 2 carl hardwick (Aug 13)
- Re: Found a lot of sites exploiting Firefox URI vulnerability!!! - part 2 Daniel Veditz (Aug 13)
- <Possible follow-ups>
- Found a lot of sites exploiting Firefox URI vulnerability!!! - part 2 carl hardwick (Aug 14)