GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Firefox exploit critical !! (https://gfy.com/showthread.php?t=752818)

SmokeyTheBear 07-19-2007 11:11 AM
Firefox exploit critical !!
 
Came across a firefox exploit while looking for something from a gfy thread .

this one is being used right now so watch out if your surfing around..

funny thing is that ie blames firefox and firefox blames ie.. and it seems like it only works in ie. but uses firefox for the exploit in the URI handler

this example may or may not work for you , its COMPLETELY SAFE

http://com.webspacemania.com/fox/
test 2
http://com.webspacemania.com/fox2/

Barefootsies 07-19-2007 11:19 AM
Quote:
Originally Posted by SmokeyTheBear (Post 12784695)
Came across a firefox exploit while looking for something from a gfy thread .

this one is being used right now so watch out if your surfing around..

funny thing is that ie blames firefox and firefox blames ie.. and it seems like it only works in ie. but uses firefox for the exploit in the URI handler

this example may or may not work for you , its COMPLETELY SAFE

http://com.webspacemania.com/fox/
test 2
http://com.webspacemania.com/fox2/
:helpme:helpme

sortie 07-19-2007 11:19 AM
Don't want to click so please explain.

Deej 07-19-2007 11:20 AM
Smokey.... i use firefox mostly, hwo do i avoid this? i rea dup on this and then firefox says its a stink being raised by IE, but false...


id rely on your words more than either of them...

whats up yo

DomP_nl 07-19-2007 11:22 AM
Both give me a error message it cant handle something, empty square with process.init(file);process.run(true,{},0);alert(pr ocess) .. FF 2.0.0.5















OSX :)

SmokeyTheBear 07-19-2007 11:22 AM
Quote:
Originally Posted by sortie (Post 12784743)
Don't want to click so please explain.
well critical implies usually that your system can be compromised . ie run exe of choice

the example just runs a message on cmd.exe does nothing bad.

when i tested it in my fully patched ie7 xpsp2 it works.

i went looking for it when biskoppen mentioned getting a trojan in another thread using firefox on pichunter

SmokeyTheBear 07-19-2007 11:24 AM
Quote:
Originally Posted by Deej (Post 12784746)
Smokey.... i use firefox mostly, hwo do i avoid this? i rea dup on this and then firefox says its a stink being raised by IE, but false...


id rely on your words more than either of them...

whats up yo

both i suppose but im no authority on this anyways. not that i would trust them any more , but my take is its a handler not setup properly . so firefox is to blame for registering such an open handler ie is to blame for letting them lol

SmokeyTheBear 07-19-2007 11:27 AM
Quote:
Originally Posted by DomP_nl (Post 12784759)


OSX :)

no fair.. :1orglaugh

D 07-19-2007 11:28 AM
Thanks for the heads up, Smokey...

You kinda realize when you regard someone as stand-up whenever you blindly charge into clicking on such links when directed to by them. :thumbsup

Neither link successfully executed anything on my end... using Firefox 2.0.0.4... Win XP

A warning came up, instead - alerting me that the launching of an external application was required to proceed, and prompted if I wanted to launch it or not.

Was this the reason for the new update, or does this take advantage of the recent update?

I have it downloaded, but have yet to install 2.0.0.5

SmokeyTheBear 07-19-2007 11:30 AM
Quote:
Originally Posted by Deej (Post 12784746)
hwo do i avoid this?
well there is one thing you could avoid..


make sure your firefox is setup as default browser, i have a feeling ie might leave it open to make firefox fix it. i think it relies on ie being used , there are ways to force firefox to open internet explorer if its set to default browser

SmokeyTheBear 07-19-2007 11:37 AM
Quote:
Originally Posted by D (Post 12784783)
Thanks for the heads up, Smokey...

You kinda realize when you regard someone as stand-up whenever you blindly charge into clicking on such links when directed to by them. :thumbsup

Neither link successfully executed anything on my end... using Firefox 2.0.0.4... Win XP

A warning came up, instead - alerting me that the launching of an external application was required to proceed, and prompted if I wanted to launch it or not.

Was this the reason for the new update, or does this take advantage of the recent update?

I have it downloaded, but have yet to install 2.0.0.5
well in this example i think it requires you to be using internet explorer , but the exploit is caused by firefox, but its very easy to get firefox to open internet explorer , so i could make it a bit better and force firefox to open ie . ill make another example to show its possible.

D 07-19-2007 11:40 AM
Quote:
Originally Posted by SmokeyTheBear (Post 12784840)
well in this example i think it requires you to be using internet explorer , but the exploit is caused by firefox, but its very easy to get firefox to open internet explorer , so i could make it a bit better and force firefox to open ie . ill make another example to show its possible.
ahh... I misunderstood.

Thanks.

fuzebox 07-19-2007 12:11 PM
Quote:
Originally Posted by DomP_nl (Post 12784759)
Both give me a error message it cant handle something, empty square with process.init(file);process.run(true,{},0);alert(pr ocess) .. FF 2.0.0.5


OSX :)
Same on Linux :winkwink:

Errr I misunderstood that it's actually an IE hole that uses firefox.

modelscanada 07-19-2007 05:53 PM
are you for real???


All times are GMT -7. The time now is 03:29 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123