The Turkey Curse
fukamis terror chatroom

Firelinking

Pungenday, 35th Discord, 3171.
Code fukami 62927

Astro pointed me to an interesting exploit for Firefox 1.0.2. On MacOS X the demonstration only works with user 501, since it tries to write into the root of the system partition, but it can be quite easily modified. Besides MacOS, it has been successfully tested with FreeBSD, Linux and Windows.

---

2 Comments »

  1. That’s sad. Especially because the Firefox ppl advertised their browser as “the secure browser”.

    Comment by Astro — Pungenday, 35th Discord, 3171. @ 79939

  2. I have nearly 400 packages installed on my FreeBSD box and I count only 6 advisories. But 5 of them are going to Firefox :-/.

    #> pkg_info | wc -l
    382

    #> portaudit
    Affected package: firefox-1.0.2,1
    Type of problem: firefox — PLUGINSPAGE privileged javascript execution.
    Reference:

    Affected package: firefox-1.0.2,1
    Type of problem: mozilla — privilege escalation via DOM property overrides.
    Reference:

    Affected package: firefox-1.0.2,1
    Type of problem: mozilla — code execution through javascript: favicons.
    Reference:

    Affected package: firefox-1.0.2,1
    Type of problem: mozilla — javascript “lambda” replace exposes memory contents.
    Reference:

    Affected package: firefox-1.0.2,1
    Type of problem: firefox — arbitrary code execution in sidebar panel.
    Reference:

    Affected package: wget-1.8.2_7
    Type of problem: wget — multiple vulnerabilities.
    Reference:

    6 problem(s) in your installed packages found.
    You are advised to update or deinstall the affected package(s) immediately.

    Comment by robo — Pungenday, 35th Discord, 3171. @ 80467
