Joel Esler: FrSIRT - Mozilla Firefox 1.0.3 Remote Arbitrary Code Execution Exploit

Saturday, May 7

FrSIRT - Mozilla Firefox 1.0.3 Remote Arbitrary Code Execution Exploit

FrSIRT - Mozilla Firefox 1.0.3 Remote Arbitrary Code Execution Exploit

Mozilla Firefox 1.0.3 Remote Arbitrary Code Execution Exploit

Date : 07/05/2005

FrSIRT Comment - This is a 0day exploit/vulnerability (unpatched).

This code will download/execute a malware without user interaction.

Rated as : Critical

Solution : Disable Javascript

4 comments:

pilgrim said...: FF1.0.2 isn't vulnerable according to the code provided by K-Otic.

Must be something the Mozilla Team added/changed in the 1.0.3 release.; Sat May 07, 05:28:00 PM
pilgrim said...: FF1.0.2 isn't vulnerable according to the code provided by K-Otic. Must be something the Mozilla Team added/changed in the 1.0.3 release.; Sat May 07, 10:28:00 PM
Joel Esler said...: Sure! They're called "features". You should be used to them by now. Microsoft has them all the time.; Mon May 09, 02:55:00 AM
Joel Esler said...: Sure! They're called "features". You should be used to them by now. Microsoft has them all the time.; Mon May 09, 07:55:00 AM