[Full-disclosure] MATIXHASU Firefox Browser DoS/Remote Code Execution
Andrew A
gluttony at gmail.com
Sun Jul 30 09:11:15 BST 2006
SYSTEMS AFFECTED:
* All versions of Mozilla Firefox 1.5 up to latest on all operating systems.
Earlier versions of Firefox and other Mozilla browsers currently unconfirmed
* Camino, Opera, MSIE and Konqueror are not affected.
OVERVIEW:
Stacking multiple CSS style attributes across span tags leads to a race
condition
which can result in denial of service or arbitrary code execution.
PROOF OF CONCEPT:
DoS proof of concept is available by Tor hidden service:
http://k5goj46pmx25dxnl.onion/lar.html
Remote code execution exploit is available with Tor hidden service
connectback shell shellcode (custom shellcode available on request) for
Linux and Windows from BanLabs. Cost is approx $4000USD plus transfer fees.
Trades accepted. Email for more info.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060730/6a65f81d/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.