This is the static archive of the Massassi Forums. The forums are closed indefinitely. Thanks for all the memories!

You can also download Super Old Archived Message Boards from when Massassi first started.

"View" counts are as of the day the forums were archived, and will no longer increase.

Major Firefox security hole
2005-04-18, 4:13 PM #1
http://www.mikx.de/firelinking/
Note: Demonstration page. It will write a batch file to c:\

You can basically use this to get a shell account on anyone's PC.

It could easily be made to download an executable using ftp.exe and execute it.
TheJkWhoSaysNiTheJkWhoSaysNiTheJkWhoSaysNiTheJkWho
SaysNiTheJkWhoSaysNiTheJkWhoSaysNiTheJkWhoSaysNiTh
eJkWhoSaysNiTheJkWhoSaysNiTheJkWhoSaysNiTheJkWhoSa
ysNiTheJkWhoSaysNiTheJkWhoSaysNiTheJkWhoSaysNiTheJ
k
WhoSaysNiTheJkWhoSaysNiTheJkWhoSaysNiTheJkWhoSays
N
iTheJkWhoSaysNiTheJkWhoSaysNiTheJkWhoSaysNiTheJkW
2005-04-18, 4:49 PM #2
Holy ****!
2005-04-18, 4:56 PM #3
wowza
Holy soap opera Batman. - FGR
DARWIN WILL PREVENT THE DOWNFALL OF OUR RACE. - Rob
Free Jin!
2005-04-18, 4:57 PM #4
A new critical update, 1.0.3, came out today. Think that fixes it?
Steal my dreams and sell them back to me.....
2005-04-18, 5:05 PM #5
Note: It does fix it. Thanks for the heads up.
Steal my dreams and sell them back to me.....
2005-04-18, 5:09 PM #6
1.03 came out Friday night, fixes this.
2005-04-18, 5:20 PM #7
Yeah, I grabbed 1.0.3 last night
Holy soap opera Batman. - FGR
DARWIN WILL PREVENT THE DOWNFALL OF OUR RACE. - Rob
Free Jin!
2005-04-18, 5:28 PM #8
Hmm... ironically, Microsoft Antispyware caught it.
Stuff
2005-04-18, 6:21 PM #9
Heh, MS helps the competition. Doesn't get any sweeter.
Little angel go away
Come again some other day
Devil has my ear today
I'll never hear a word you say
2005-04-18, 6:22 PM #10
Quote:
Originally posted by kyle90
Hmm... ironically, Microsoft Antispyware caught it.


That's because it is designed to trap all batch file executions. :)

2005-04-18, 6:34 PM #11
This is why I love Firefox, if an exploit has been found it's usually fixed within a day.
Got a permanent feather in my cap;
Got a stretch to my stride;
a stroll to my step;
2005-04-18, 6:37 PM #12
Aw, I updated, now I can see what the exploit does.
:( heh.
2005-04-18, 7:11 PM #13
It basically called up a dos window to show that the site could execute a batch file.
Steal my dreams and sell them back to me.....
2005-04-18, 7:16 PM #14
Firefox release 1.0.3 fixes this. Nothing to see here, move along... ;)
And when the moment is right, I'm gonna fly a kite.
2005-04-18, 8:59 PM #15
Heh, did the upgrade a while ago :p
$do || ! $do ; try
try: command not found
Ye Olde Galactic Empire Mission Editor (X-wing, TIE, XvT/BoP, XWA)
