8 matches found
Mozilla Firefox <= 1.0.4 "Set As Wallpaper" Code Execution Exploit
No description provided by source. // Exploit by Michael Krax !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN html head titleFirewalling - Proof-of-Concept/title script function stopload // in some cases the javascript url never stops to load // therefore we force a stop after the rea...
Mozilla Firefox 1.0.4 - 'Set As Wallpaper' Code Execution
// Exploit by Michael Krax Firewalling - Proof-of-Concept function stopload // in some cases the javascript url never stops to load // therefore we force a stop after the real image got loaded window.setTimeout"window.stop",1000; Firewalling - Proof-of-Concept The "Set As Wallpaper" dialog takes...
FreeBSD : mozilla -- arbitrary code execution vulnerability (cbfde1cd-87eb-11d9-aa18-0001020eed82)
A Mozilla Foundation Security Advisory reports: Plugins such as flash can be used to load privileged content into a frame. Once loaded various spoofs can be applied to get the user to interact with the privileged content. Michael Krax's 'Fireflashing' example demonstrates that an attacker can op...
Mozilla Firefox <= 1.0.4 "Set As Wallpaper" Code Execution Exploit
Exploit for unknown platform in category remote exploits ================================================================== Mozilla Firefox Firewalling - Proof-of-Concept function stopload // in some cases the javascript url never stops to load // therefore we force a stop after the real image go...
"Wrapped" javascript: urls bypass security checks — Mozilla
Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source: pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute arbitrary code, and the same technique could also b...
Mandrake Linux Security Advisory : htdig (MDKSA-2005:063)
A cross-site scripting vulnerability in ht://dig was discovered by Michael Krax. The updated packages have been patched to correct this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Mandrake Linux Security...
[SA14367] Verity Ultraseek Search Request Cross-Site Scripting
TITLE: Verity Ultraseek Search Request Cross-Site Scripting SECUNIA ADVISORY ID: SA14367 VERIFY ADVISORY: http://secunia.com/advisories/14367/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Verity Ultraseek 5.x http://secunia.com/product/3457/ DESCRIPTION: Micha...
[SA13701] Bugzilla Internal Error Response Cross-Site Scripting
TITLE: Bugzilla Internal Error Response Cross-Site Scripting SECUNIA ADVISORY ID: SA13701 VERIFY ADVISORY: http://secunia.com/advisories/13701/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Bugzilla 2.x http://secunia.com/product/396/ DESCRIPTION: Michael Krax...