Saturday, May 7

FrSIRT - Mozilla Firefox 1.0.3 Remote Arbitrary Code Execution Exploit

FrSIRT - Mozilla Firefox 1.0.3 Remote Arbitrary Code Execution Exploit

Mozilla Firefox 1.0.3 Remote Arbitrary Code Execution Exploit
Date : 07/05/2005


FrSIRT Comment - This is a 0day exploit/vulnerability (unpatched).
This code will download/execute a malware without user interaction.

Rated as : Critical
Solution : Disable Javascript

2 comments:

pilgrim said...

FF1.0.2 isn't vulnerable according to the code provided by K-Otic.

Must be something the Mozilla Team added/changed in the 1.0.3 release.

Joel Esler said...

Sure! They're called "features". You should be used to them by now. Microsoft has them all the time.