Saturday, May 7

FrSIRT - Mozilla Firefox 1.0.3 Remote Arbitrary Code Execution Exploit

FrSIRT - Mozilla Firefox 1.0.3 Remote Arbitrary Code Execution Exploit


Mozilla Firefox 1.0.3 Remote Arbitrary Code Execution Exploit

Date : 07/05/2005




FrSIRT Comment - This is a 0day exploit/vulnerability (unpatched).

This code will download/execute a malware without user interaction.


Rated as : Critical

Solution : Disable Javascript

4 comments:

pilgrim said...

FF1.0.2 isn't vulnerable according to the code provided by K-Otic.

Must be something the Mozilla Team added/changed in the 1.0.3 release.

pilgrim said...

FF1.0.2 isn't vulnerable according to the code provided by K-Otic. Must be something the Mozilla Team added/changed in the 1.0.3 release.

Joel Esler said...

Sure! They're called "features". You should be used to them by now. Microsoft has them all the time.

Joel Esler said...

Sure! They're called "features". You should be used to them by now. Microsoft has them all the time.