Firefox 3
Hello Thierry!
About your message concerning crash in Firefox 3.0.6
(http://securityvulns.ru/Vdocument307.html). Which has similar DoS
vulnerability as Nokia N95-8 browser.
Some time ago I read your message and also checked Firefox 3.0.6 and
confirmed the crash in it. What I can tell you about this hole.
In the beginning of September 2008 I already wrote about such DoS
Google Bookmarks is a service where it's possible to save bookmarks.
II. Description:
Three cross site scripting vulnerabilities were identified inside Google Notebook. A remote attacker can make a malformed block notes and invite, through the sharing option inside Google Notebook, other users to see it to obtain their cookie. User interaction is required to exploit all three vulnerabilities.
Browser affected: Firefox 3.
Browser not affected: Internet Explorer 7, Opera 9.5, Safari 3.
One cross site scripting vulnerability was identified inside Google Bookmarks. A remote attacker can make a malformed bookmark inside his account and then share it with other users to obtain their cookie. User interaction is required to exploit this vulnerability.
Browser affected: Mozilla Firefox 3, Internet Explorer 7, Opera 9.5, Safari 3
Problem Description:
Multiple vulnerabilities have been found and corrected in
mozilla-thunderbird:
Unspecified vulnerability in Mozilla Firefox 3 allows remote attackers
to execute arbitrary code via unknown vectors that trigger memory
corruption, as demonstrated by Nils during a Pwn2Own competition at
CanSecWest 2010 (CVE-2010-1121).
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Security issues were identified and fixed in firefox 3.0.x:
Security researcher Alin Rad Pop of Secunia Research reported a
heap-based buffer overflow in Mozilla's string to floating point
number conversion routines. Using this vulnerability an attacker
could craft some malicious JavaScript code containing a very long
Affected: 2009.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Security issues were identified and fixed in firefox 3.0.x:
Security researcher Alin Rad Pop of Secunia Research reported a
heap-based buffer overflow in Mozilla's string to floating point
number conversion routines. Using this vulnerability an attacker
could craft some malicious JavaScript code containing a very long
Why do you include "TESTED ON: firefox 3"? Would you not be able to
trigger this bug using other browsers?
On Sun, May 31, 2009 at 8:53 PM, <y3nh4ck3r@gmail.com> wrote:
> #!/usr/bin/perl
> #-------------------------------------------------------------------------------------------------------------------
> #(Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6-->
> #-------------------------------------------------------------------------------------------------------------------
> #
> #CMS INFORMATION:
-->CATEGORY: Social Networking
-->DESCRIPTION: Tuenti is the biggest and most popular social network in Spain.
SYSTEM VULNERABILITY:
-->TESTED ON: firefox 3 and Internet Explorer 6.0
-->CATEGORY: HTML CODE INJECTION / XSS
-->Discovered Bug date: 2009-05-04
-->Reported Bug date: 2009-05-04
-->Fixed bug date: 2009-05-12
-->Author: YEnH4ckEr
-- Affected Vendors:
Mozilla Firefox
-- Affected Products:
Mozilla Firefox 3
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8442.
For further product information on the TippingPoint IPS, visit:
Of course not. I include this information to report in details
Then...when do you need a browser to launch a perl exploit?
Why do you include "TESTED ON: firefox 3"? Would you not be able to
trigger this bug using other browsers?
On Sun, May 31, 2009 at 8:53 PM, <y3nh4ck3r (at) gmail (dot) com [email concealed]> wrote:
> #!/usr/bin/perl
> #-----------------------------------------------------------------------
hidden..
Did you know that you can't trust what the Extensions manager is saying? For
detailed information look at the function 'hide_me()' in file
'src/chrome/content/ffsniff/ffsniffOverlay_orig.js' of my PoC. This bug was in
older versions of Firefox and was 'inherited' also in Firefox 3.
Proof of Concept
----------------
As a PoC I updated my Firefox sniffer extension (FFsniFF) so now it's compatible
with Firefox 3 (was released today). You can download it here:
is an improved version of FoFCS. It is meant for...
-->RELEASED: 2009-05-30
CMS VULNERABILITY:
-->TESTED ON: firefox 3
-->DORK: N/A
-->CATEGORY: LOCAL FILE INCLUSION (LFI) / INSECURE COOKIE HANDLING (LFI)
-->AFFECT VERSION: CURRENT (MAYBE <= ?)
-->Discovered Bug date: 2009-06-02
-->Reported Bug date: 2009-06-02
features plus many new features. OG is a web based grade...
-->RELEASED: 2009-02-05
CMS VULNERABILITY:
-->TESTED ON: firefox 3
-->DORK: "Powered by Online Grades"
-->CATEGORY: SQL INJECTION
-->AFFECT VERSION: <= 3.2.6
-->Discovered Bug date: 2009-05-21
-->Reported Bug date: 2009-05-21
# system on the planet. The system is written in PHP/MYSQL...
#-->RELEASED: 2009-05-31
#
#CMS VULNERABILITY:
#
#-->TESTED ON: firefox 3
#-->DORK: N/A
#-->CATEGORY: BLIND SQLi exploit
#-->AFFECT VERSION: CURRENT
#-->Discovered Bug date: 2009-06-09
#-->Reported Bug date: 2009-06-09
several twitters account and use this twitter as a backup of all...
+->RELEASED: 2009-04-30
CMS VULNERABILITY:
+->TESTED ON: firefox 3
+->DORK: "BioScripts"
+->CATEGORY: OPTIONS CHANGER
+->AFFECT VERSION: <= 0.2 Beta
+->Discovered Bug date: 2009-04-30
+->Reported Bug date: 2009-04-30
a simple content management system with an easy to follow install...
-->RELEASED: 2009-05-01
CMS VULNERABILITY:
-->TESTED ON: firefox 3
-->DORK: "Powered by ProjectCMS"
-->CATEGORY: Remote Dir Remove/ Shell Upload-Image Upload/ Remote Dir Disclosure
-->AFFECT VERSION: <= 1.1 Beta
-->Discovered Bug date: 2009-05-01
-->Reported Bug date: 2009-05-01
softwares have the CMS and the CMS admin in different packages...
-->RELEASED: 2009-05-15
CMS VULNERABILITY:
-->TESTED ON: firefox 3
-->DORK: N/A
-->CATEGORY: SQL INJECTION
-->AFFECT VERSION: CURRENT
-->Discovered Bug date: 2009-06-02
-->Reported Bug date: 2009-06-02
This gallery is intended for people who, when it comes to PHP programming...
-->RELEASED: 2009-02-26
CMS VULNERABILITY:
-->TESTED ON: firefox 3
-->DORK: N/A
-->CATEGORY: SQL INJECTION
-->AFFECT VERSION: CURRENT
-->Discovered Bug date: 2009-04-05
-->Reported Bug date: 2009-04-05
#-->DESCRIPTION: Free web album scripts in PHP. Include administration panel to easy
# manage content of album. If you decide to use this web...
#
#CMS VULNERABILITY:
#
#-->TESTED ON: firefox 3
#-->DORK: "2007 Rafal Kucharski"
#-->CATEGORY: BLIND SQL INJECTION/ PERL EXPLOIT
#-->AFFECT VERSION: v1.0.462 (maybe <= ?)
#-->Discovered Bug date: 2009-05-04
#-->Reported Bug date: 2009-05-04
to easily manage learning resources in an integrated system.
-->RELEASED: 2009-06-22
CMS VULNERABILITY:
-->TESTED ON: firefox 3
-->DORK: "powered by ILIAS"
-->CATEGORY: ARBITRARY INFORMATION EDITION/DISCLOSURE
-->AFFECT VERSION: 3.10.7/3.9.9
-->Discovered Bug date: 2009-06-28
-->Reported Bug date: 2009-06-28
-->CATEGORY: CMS / Portals
-->DESCRIPTION: Web application to manage controlled vocabularies, taxonomies and thesaurus...
CMS VULNERABILITY:
-->TESTED ON: firefox 3
-->DORKs: "Powered by TemaTres" / "Generado por TemaTres" / "Criado por TemaTres"
-->CATEGORY: AUTH BYPASS/ SQL INJECTION/ XSS
-->AFFECT VERSION: LAST = 1.0.3 (maybe <= ?)
-->Discovered Bug date: 2009-04-23
-->Reported Bug date: 2009-04-23
#-->CATEGORY: CMS / Portals
#-->DESCRIPTION: Web application to manage controlled vocabularies, taxonomies and thesaurus...
#
#CMS VULNERABILITY:
#
#-->TESTED ON: firefox 3
#-->DORKs: "Powered by TemaTres" / "Generado por TemaTres" / "Criado por TemaTres"
#-->CATEGORY: BLIND SQL INJECTION EXPLOIT
#-->AFFECT VERSION: LAST = 1.0.3 (maybe <= ?)
#-->Discovered Bug date: 2009-04-24
#-->Reported Bug date: 2009-04-24
# features plus many new features. OG is a web based grade...
#-->RELEASED: 2009-02-05
#
#CMS VULNERABILITY:
#
#-->TESTED ON: firefox 3
#-->DORK: "Powered by Online Grades"
#-->CATEGORY: BLIND SQL INJECTION EXPLOIT
#-->AFFECT VERSION: <= 3.2.6
#-->Discovered Bug date: 2009-05-21
#-->Reported Bug date: 2009-05-21
#| is an improved version of FoFCS. It is meant for... |
#|-->RELEASED: 2009-05-30 |
#| |
#| CMS VULNERABILITY: |
#| |
#|-->TESTED ON: firefox 3 |
#|-->DORK: N/A |
#|-->CATEGORY: BLIND SQLi PYTHON EXPLOIT |
#|-->AFFECT VERSION: CURRENT (MAYBE <= ?) |
#|-->Discovered Bug date: 2009-06-02 |
#|-->Reported Bug date: 2009-06-02 |
that supports kjclub.com from the outside...
-->RELEASED: 2009-05-16
CMS VULNERABILITY:
-->TESTED ON: firefox 3
-->DORK: N/A
-->CATEGORY: SQL INJECTION
-->AFFECT VERSION: CURRENT
-->Discovered Bug date: 2009-06-02
-->Reported Bug date: 2009-06-02
this topic.
In the article I talked about Cross-Site Scripting attacks where it’s not
possible to use any tags and angle brackets. I listed attack vectors which
can be used in this case (automated and non-automated). And wrote about
current situation with modern browsers: in 2008 in Firefox 3 possibility of
attack via -moz-binding was removed (partly) and in IE 8, which released at
beginning of 2009, support of expression() was removed.
So I proposed my cross-browser solution for conducting of automated XSS
attacks in such conditions (when it’s not possible to use any tags and angle
# Web CMS, written for PHP/MySQL. Uses FCKeditor for HTML editing...
#-->RELEASED: 2009-04-27
#
#CMS VULNERABILITY:
#
#-->TESTED ON: firefox 3
#-->DORK: "Powered by BIGACE 2.5"
#-->CATEGORY: USER OPTIONS CHANGER/ SQL INJECTION/ PERL EXPLOIT
#-->AFFECT VERSION: LAST = 2.5 (Maybe <= ?)
#-->Discovered Bug date: 2009-04-27
#-->Reported Bug date: 2009-04-27
# with your friends and family. Share photos, messages, documents and more.
#-->RELEASED: 2009-05-11
#
#CMS VULNERABILITY:
#
#-->TESTED ON: firefox 3
#-->DORK: "2006-2009 Ryan Haudenschilt"
#-->CATEGORY: BLIND SQL INJECTION EXPLOIT
#-->AFFECT VERSION: <= 1.9
#-->Discovered Bug date: 2009-05-11
#-->Reported Bug date: 2009-05-11
# features plus many new features. OG is a web based grade...
#-->RELEASED: 2009-02-05
#
#CMS VULNERABILITY:
#
#-->TESTED ON: firefox 3
#-->DORK: "Powered by Online Grades"
#-->CATEGORY: SQL INJECTION
#-->AFFECT VERSION: <= 3.2.6
#-->Discovered Bug date: 2009-05-21
#-->Reported Bug date: 2009-05-21
# is an improved version of FoFCS. It is meant for...
#-->RELEASED: 2009-05-30
#
#CMS VULNERABILITY:
#
#-->TESTED ON: firefox 3
#-->DORK: N/A
#-->CATEGORY: BLIND SQLi PYTHON EXPLOIT
#-->AFFECT VERSION: CURRENT (MAYBE <= ?)
#-->Discovered Bug date: 2009-06-02
#-->Reported Bug date: 2009-06-02
blocks and permission system.
-->RELEASED: 2009-05-25
CMS VULNERABILITY:
-->TESTED ON: firefox 3
-->DORK: "S-CMS by matteoiamma"
-->CATEGORY: LOCAL FILE INCLUSION (LFI)
-->AFFECT VERSION: <= 2.0-Beta3
-->Discovered Bug date: 2009-05-25
-->Reported Bug date: 2009-05-25