Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] Another reason for update firefox to 1.5.0.5




http://browserfun.blogspot.com/2006/07/mobb-28-mozilla-navigator-object.
html

Mozilla Navigator Object

The following bug (mfsa2006-45) was tested on Firefox 1.5.0.4 running on
Windows 2000 SP4, Windows XP SP2, and a recently updated Gentoo Linux
system. This bug was reported by TippingPoint and fixed in the latest
1.5.0.5 release of Mozilla Firefox. This is different from the bug I
reported (mfsa2006-48) and is trivial to turn into a working exploit.
The demonstration link below will attempt to launch "calc.exe" on
Windows systems, execute "touch /tmp/METASPLOIT" on Linux systems, and
bind a command shell to port 4444 for Mac OS X Intel and PowerPC systems
(thanks Todd and nemo!).

window.navigator = (0x01020304 / 2);
java.lang.reflect.Runtime.newInstance(
java.lang.Class.forName("java.lang.Runtime"), 0);

Demonstration

This bug has been added to the OSVDB:
Mozilla Multiple Product Window Navigator Object Arbitrary Code
Execution




 




Copyright © Lexa Software, 1996-2009.