exobot Posted May 7, 2005 Share Posted May 7, 2005 I'm not going to link, needless to say it;s not hard to find. There's a exploit out for FF 1.0.3 with remote code execution involved, pretty nasty. bangbang's builds seem unaffected. Or at least when I tried the code it didn't work. If you do happen to find the code, don't run it unless you know what you're doing - it downloads and runs nasty stuff without user interaction. I've found a cleaned up version, which claims to have removed the damage bits of it. This could be important, as in how fast Mozilla patch - and how quickly this spreads... If your really must know.. Frsirt. (Don't come crying here if you do run it) Any brave person care to try the 1.0.4 nightleys to see if they are affected? Link to comment Share on other sites More sharing options...
msg43 Posted May 8, 2005 Share Posted May 8, 2005 interest I'll know to watch out for that on my dad pc [rant][me]loves linux[/me][/rant] Link to comment Share on other sites More sharing options...
gpister Posted May 8, 2005 Share Posted May 8, 2005 i dont get this thread what is so dangerous of firefox 1.0.3?... what can i affect Link to comment Share on other sites More sharing options...
Maxious Posted May 8, 2005 Share Posted May 8, 2005 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050507 Firefox/1.0+ (bangbang023) flickers my cursor but no batch file and therefore no execution - THANKS BANGBANG!!! :D oh and the frsit code only makes and runs a batch file c:\booom.bat that looks like this @ECHO off cls ECHO malicious commands here... PAUSE Link to comment Share on other sites More sharing options...
Am_I_Evil Posted May 8, 2005 Share Posted May 8, 2005 then just download the beta of firefox 1.0.4 that's what i'm running.... Link to comment Share on other sites More sharing options...
fels Posted May 8, 2005 Share Posted May 8, 2005 then just download the beta of firefox 1.0.4that's what i'm running.... 585889641[/snapback] Erm... do you mean the latest nightly? There is no 1.0.4 beta. Link to comment Share on other sites More sharing options...
gpister Posted May 8, 2005 Share Posted May 8, 2005 i dont get the thread explain what is up Link to comment Share on other sites More sharing options...
insurektion Posted May 8, 2005 Share Posted May 8, 2005 there is an exploit for firefox 1.0.3 is why Link to comment Share on other sites More sharing options...
gpister Posted May 8, 2005 Share Posted May 8, 2005 like what is a exploit why is it bad Link to comment Share on other sites More sharing options...
sp0rk Posted May 8, 2005 Share Posted May 8, 2005 The first post says it all... Remote code execution Link to comment Share on other sites More sharing options...
gpister Posted May 8, 2005 Share Posted May 8, 2005 but i dont get it its confusing i dont see whats dangerous Link to comment Share on other sites More sharing options...
Maxious Posted May 8, 2005 Share Posted May 8, 2005 but i dont get it its confusing i dont see whats dangerous 585889741[/snapback] lol someone could have explained it by now basically firefox has a bug in it that allows people to run programs on your computer (like to delete all mp3s in c: or whatever) just by visiting their website Link to comment Share on other sites More sharing options...
em_te Posted May 8, 2005 Share Posted May 8, 2005 According to the bug report (293302), the temporary workaround is to disallow websites from installing software (Tools -> Options -> Web Features -> "allow websites to install software" = "false"). They also changed some of the javascript links on the main Mozilla extensions website to stop the testcase from working. (But it looks like they botched something and accidentally disabled the entire installer script!) Link to comment Share on other sites More sharing options...
gpister Posted May 8, 2005 Share Posted May 8, 2005 i get it now =D thanx Link to comment Share on other sites More sharing options...
zivan56 Posted May 8, 2005 Share Posted May 8, 2005 (edited) Does not seem to work here on 1.0.3. It has not created c:\booom.bat nor executed anything. Edited May 8, 2005 by zivan56 Link to comment Share on other sites More sharing options...
+M2Ys4U Subscriber¹ Posted May 8, 2005 Subscriber¹ Share Posted May 8, 2005 ? oh, 1.0.4 = 1.0.3 (at the moment) Link to comment Share on other sites More sharing options...
supernova_00 Posted May 8, 2005 Share Posted May 8, 2005 the risk has been reduced substantially just hours after mozilla found out about this. the install() function @ update.mozilla.org was given a randomized name. the bug isn't totally patched but at least umo isn't effected and can't be the culprit. mozilla hackers are working hard to fix this asap and will releases a release accordingly. Link to comment Share on other sites More sharing options...
supernova_00 Posted May 8, 2005 Share Posted May 8, 2005 ^ note that you must have the site whitelisted in order to be effected. The reason the vulnerbilites were listed as extremely critical was because update.mozilla.org is whitelisted by default. So you really can't be effected unless you add the site to the whitelist to download files and then execute the code...hence the reason some of you couldnt reproduce the bug Link to comment Share on other sites More sharing options...
exobot Posted May 8, 2005 Author Share Posted May 8, 2005 Indeed, the mozilla foundation put a workaround into place pretty damn fast, it won't work properly now. @ second post, this can be modified to work on linux/mac. Either way, 'Allow website to install software' is always off in my FF, I turn it on when needed - then turn it off. Obviously I'm not completely safe, just moreso with it off :3. Link to comment Share on other sites More sharing options...
Recommended Posts