|
Skylined, is there anything that you can't
exploit? ;-)
On a side note, an article quoting Ferris saying
that "Microsoft takes too long to patch stuff so that's why I'm going public"
recently was slashdotted (regarding a vulnerability he found in Internet
Explorer). Now he goes public with this thing. Does he think that Mozilla and
Microsoft have the lengthy patch process in common, or is he just being
hypocritical, something that I have found to be quite common among anti-MS
zealots.
Paul
Formerly of Greyhats Security
----- Original Message -----
Sent: Saturday, September 10, 2005 6:52
AM
Subject: [Full-disclosure] Mozilla
Firefox "Host:" Buffer Overflow Exploit
(Just a little heads up, no details or PoC attached)
The security vulnerability in Mozilla FireFox reported by Tom Ferris is
exploitable on Windows.
I developed a working exploit that seems to be 100% stable, though I've
only tested it on one system.
The exploit will not be released publicly untill patches are
out.
On a side note: it took only about 3 hours and 30 minutes to develop the
exploit, so I might not be the only one able to write it.
Cheers,
_______________________________________________
Full-Disclosure - We
believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored
by Secunia - http://secunia.com/
|
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
