Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Firefox Remote Compromise Leaked
From: tuytumadre () att net
Date: Sun, 08 May 2005 05:49:12 +0000

Well, apparently one of my Firefox vulnerabilities has been leaked. Mikx and I have been working on Firefox security 
for some time and we are trying to put together something spectacular, but unfortunatly there are always those people 
out there that feel they need to ruin it for people. About a week ago, Mikx and I put together a nice remote compromise 
for Firefox, submitted it to bugzilla, and got a bug number for it. This is the message that I just got from Bugzilla:
  
bugzilla-daemon () mozilla org to me 12:14 am (1 hour ago)
https://bugzilla.mozilla.org/show_bug.cgi?id=292691
brendan () mozilla org changed:
          What    |Removed                     |Added
----------------------------------------------------------------------------
                CC|                            |bugs () bengoodger com,
                  |                            |vladimir () pobox com,
                  |                            |shaver () mozilla org,
                  |                            |brendan () mozilla org,
                  |                            |chofmann () gmail com
------- Additional Comments From brendan () mozilla org  2005-05-07 21:14 PDT -------
So now someone is claiming a 0day that looks a lot like this.  See bug 293302.

So apparently, the secret is out. I wish that this could have been used for good purposes but I guess that just isn't 
possible these days...

Here is the original PoC:
http://greyhatsecurity.org/vulntests/ffrc.htm

I suspect that my server was compromised, and I am currently using my contacts to find the culprit and bring him to 
justice.

Sorry to Mozilla, Mikx, and everyone else that was harmed by the inconsiderate, irresponsible actions of an individual.

Regards,
Paul
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]