Firefox 1.0.3 0-day Exploit



I'm not going to link, needless to say it's not hard to find.

There's an exploit out for FF 1.0.3 with remote code execution involved, pretty nasty. bangbang's builds seem unaffected. Or at least when I tried the code it didn't work.

If you do happen to find the code, don't run it unless you know what you're doing - it downloads and runs nasty stuff without user interaction. I've found a cleaned up version, which claims to have removed the damage bits of it.

This could be important, as in how fast Mozilla patch - and how quickly this spreads...

If you really must know... FrSIRT. (Don't come crying here if you do run it)

Any brave person care to try the 1.0.4 nightlies to see if they are affected?


Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050507 Firefox/1.0+ (bangbang023)

flickers my cursor but no batch file and therefore no execution - THANKS BANGBANG!!! :D

oh and the FrSIRT code only makes and runs a batch file c:\booom.bat that looks like this

@ECHO off
cls
ECHO malicious commands here...
PAUSE


> then just download the beta of firefox 1.0.4
>
> that's what i'm running....

Erm... do you mean the latest nightly?

There is no 1.0.4 beta.


> but i don't get it it's confusing i don't see what's dangerous

lol someone could have explained it by now

basically firefox has a bug in it that allows people to run programs on your computer (like to delete all mp3s in c: or whatever) just by visiting their website


According to the bug report (293302), the temporary workaround is to disallow websites from installing software (Tools -> Options -> Web Features -> "allow websites to install software" = "false").

They also changed some of the javascript links on the main Mozilla extensions website to stop the testcase from working. (But it looks like they botched something and accidentally disabled the entire installer script!)

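One way to check whether the workaround from the post above is in place on a profile, as an added example that is not part of the original thread. It assumes the "allow websites to install software" checkbox is backed by the `xpinstall.enabled` preference (a name the thread does not give), that `user.js` overrides `prefs.js`, and that the setting defaults to enabled when absent; the sample file contents are constructed.

```python
import re
from pathlib import Path

# Matches lines such as: user_pref("xpinstall.enabled", false);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')
PREF_NAME = "xpinstall.enabled"  # assumed pref behind the options checkbox


def read_prefs(text):
    """Return {name: raw_value} for every user_pref line in a prefs file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def install_allowed(prefs_js="", user_js=""):
    """True if websites may still trigger software installs.

    user.js is applied on top of prefs.js, so its value wins. If the
    pref is absent, the assumed built-in default (enabled) applies.
    """
    merged = read_prefs(prefs_js)
    merged.update(read_prefs(user_js))
    return merged.get(PREF_NAME, "true").strip().lower() != "false"


def audit_profile(profile_dir):
    """Check one profile directory; missing files count as empty."""
    def load(name):
        p = Path(profile_dir) / name
        return p.read_text(errors="replace") if p.is_file() else ""
    return install_allowed(load("prefs.js"), load("user.js"))


# Constructed sample contents, not taken from a real profile.
SAMPLE_DEFAULT = ('# Mozilla User Preferences\n'
                  'user_pref("browser.startup.homepage", "about:blank");\n')
SAMPLE_HARDENED = SAMPLE_DEFAULT + 'user_pref("xpinstall.enabled", false);\n'

if __name__ == "__main__":
    for label, text in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        state = "ALLOWED (workaround not applied)" if install_allowed(text) else "blocked"
        print(f"{label}: website installs {state}")
```

Run `audit_profile()` against each profile directory on a machine to find profiles where the setting is still at its default.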

Does not seem to work here on 1.0.3. It has not created c:\booom.bat nor executed anything.

Edited by zivan56

the risk has been reduced substantially just hours after mozilla found out about this. the install() function @ update.mozilla.org was given a randomized name. the bug isn't totally patched but at least umo isn't affected and can't be the culprit. mozilla hackers are working hard to fix this asap and will release a release accordingly.


^ note that you must have the site whitelisted in order to be affected. The reason the vulnerabilities were listed as extremely critical was because update.mozilla.org is whitelisted by default. So you really can't be affected unless you add the site to the whitelist to download files and then execute the code...hence the reason some of you couldn't reproduce the bug


Indeed, the mozilla foundation put a workaround into place pretty damn fast, it won't work properly now.

@ second post, this can be modified to work on linux/mac. Either way, 'Allow website to install software' is always off in my FF, I turn it on when needed - then turn it off. Obviously I'm not completely safe, just more so with it off :3.
