Firefox exploit critical !!

  • SmokeyTheBear
    ►SouthOfHeaven
    • Jun 2004
    • 28609

    #1

    Firefox exploit critical !!

    Came across a firefox exploit while looking for something from a gfy thread.

    this one is being used right now so watch out if you're surfing around..

    funny thing is that ie blames firefox and firefox blames ie.. and it seems like it only works in ie. but uses firefox for the exploit in the URI handler

    this example may or may not work for you, it's COMPLETELY SAFE

    http://com.webspacemania.com/fox/
    test 2
    http://com.webspacemania.com/fox2/
    hatisblack at yahoo.com
  • Barefootsies
    Choice is an Illusion
    • Feb 2005
    • 42635

    #2
    Originally posted by SmokeyTheBear
    Came across a firefox exploit while looking for something from a gfy thread.

    this one is being used right now so watch out if you're surfing around..

    funny thing is that ie blames firefox and firefox blames ie.. and it seems like it only works in ie. but uses firefox for the exploit in the URI handler

    this example may or may not work for you, it's COMPLETELY SAFE

    http://com.webspacemania.com/fox/
    test 2
    http://com.webspacemania.com/fox2/
    Should You Email Your Members?

    Link1 | Link2 | Link3

    Enough Said.

    "Would you rather live like a king for a year or like a prince forever?"


    • sortie
      Confirmed User
      • Mar 2007
      • 7771

      #3
      Don't want to click so please explain.


      • Deej
        I make pixels work
        • Jun 2005
        • 24386

        #4
        Smokey.... i use firefox mostly, how do i avoid this? i read up on this and then firefox says it's a stink being raised by IE, but false...

        i'd rely on your words more than either of them...

        what's up yo

        Deej's Designs n' What Not
        Hit me up for Design, CSS & Photo Retouching


        Icq#30096880


        • DomP_nl
          So Fucking What
          • Sep 2005
          • 631

          #5
          Both give me an error message it can't handle something, empty square with process.init(file);process.run(true,{},0);alert(process) .. FF 2.0.0.5

          OSX


          • SmokeyTheBear
            ►SouthOfHeaven
            • Jun 2004
            • 28609

            #6
            Originally posted by sortie
            Don't want to click so please explain.
            well critical implies usually that your system can be compromised. i.e. run exe of choice

            the example just runs a message on cmd.exe does nothing bad.

            when i tested it in my fully patched ie7 xpsp2 it works.

            i went looking for it when biskoppen mentioned getting a trojan in another thread using firefox on pichunter
            hatisblack at yahoo.com


            • SmokeyTheBear
              ►SouthOfHeaven
              • Jun 2004
              • 28609

              #7
              Originally posted by Deej
              Smokey.... i use firefox mostly, how do i avoid this? i read up on this and then firefox says it's a stink being raised by IE, but false...

              i'd rely on your words more than either of them...

              what's up yo

              both i suppose but i'm no authority on this anyways. not that i would trust them any more, but my take is it's a handler not set up properly. so firefox is to blame for registering such an open handler, ie is to blame for letting them lol
              hatisblack at yahoo.com


              • SmokeyTheBear
                ►SouthOfHeaven
                • Jun 2004
                • 28609

                #8
                Originally posted by DomP_nl


                OSX

                no fair..
                hatisblack at yahoo.com


                • D
                  Confirmed User
                  • Jan 2006
                  • 7412

                  #9
                  Thanks for the heads up, Smokey...

                  You kinda realize when you regard someone as stand-up whenever you blindly charge into clicking on such links when directed to by them.

                  Neither link successfully executed anything on my end... using Firefox 2.0.0.4... Win XP

                  A warning came up, instead - alerting me that the launching of an external application was required to proceed, and prompted if I wanted to launch it or not.

                  Was this the reason for the new update, or does this take advantage of the recent update?

                  I have it downloaded, but have yet to install 2.0.0.5
                  -D.
                  ICQ: 202-96-31


                  • SmokeyTheBear
                    ►SouthOfHeaven
                    • Jun 2004
                    • 28609

                    #10
                    Originally posted by Deej
                    how do i avoid this?
                    well there is one thing you could avoid..

                    make sure your firefox is set up as default browser, i have a feeling ie might leave it open to make firefox fix it. i think it relies on ie being used, there are ways to force firefox to open internet explorer if it's set to default browser
                    hatisblack at yahoo.com


                    • SmokeyTheBear
                      ►SouthOfHeaven
                      • Jun 2004
                      • 28609

                      #11
                      Originally posted by D
                      Thanks for the heads up, Smokey...

                      You kinda realize when you regard someone as stand-up whenever you blindly charge into clicking on such links when directed to by them.

                      Neither link successfully executed anything on my end... using Firefox 2.0.0.4... Win XP

                      A warning came up, instead - alerting me that the launching of an external application was required to proceed, and prompted if I wanted to launch it or not.

                      Was this the reason for the new update, or does this take advantage of the recent update?

                      I have it downloaded, but have yet to install 2.0.0.5
                      well in this example i think it requires you to be using internet explorer, but the exploit is caused by firefox, but it's very easy to get firefox to open internet explorer, so i could make it a bit better and force firefox to open ie. i'll make another example to show it's possible.
                      hatisblack at yahoo.com


                      • D
                        Confirmed User
                        • Jan 2006
                        • 7412

                        #12
                        Originally posted by SmokeyTheBear
                        well in this example i think it requires you to be using internet explorer, but the exploit is caused by firefox, but it's very easy to get firefox to open internet explorer, so i could make it a bit better and force firefox to open ie. i'll make another example to show it's possible.
                        ahh... I misunderstood.

                        Thanks.
                        -D.
                        ICQ: 202-96-31


                        • fuzebox
                          making it rain
                          • Oct 2003
                          • 22351

                          #13
                          Originally posted by DomP_nl
                          Both give me an error message it can't handle something, empty square with process.init(file);process.run(true,{},0);alert(process) .. FF 2.0.0.5


                          OSX
                          Same on Linux

                          Errr I misunderstood that it's actually an IE hole that uses firefox.


                          • modelscanada
                            Registered User
                            • Jul 2007
                            • 31

                            #14
                            are you for real???
