Wednesday, July 25, 2007

Remote Command Exec (FireFox 2.0.0.5)

These days, I am reading about web application hacking and trying out several different things. I happened to stumble across xs-sniper's page and read his post on owning most major browsers. It appears that there is a problem with Cross Application Browser Scripting, where a flaw in the URI handling behavior allows for remote command execution. Be sure to check out his post below:

http://xs-sniper.com/blog/remote-command-exec-firefox-2005/

The Hacka Man

1 comment:

Giorgio Maone said...

You may want to add that the relevant bug was fixed 2 days ago.
This means that already available Minefield builds and Firefox 2.0.0.6 release candidates are immune.

Furthermore, NoScript 1.1.6.06 (released yesterday) gives early protection against this exploit for those stuck with stable 2.0.0.5.
--
There's a browser safer than Firefox... it's Firefox, with NoScript :)