Showing 1 - 8 of 8

Files from Michael Krax

fireclicking.txt: Posted Jan 26, 2006; Authored by Michael Krax | Site mikx.de; Using custom Microsoft Agent characters it is possible to cover any kind of windows, including security or download dialogs. This is an expected feature of the Microsoft Agent control. Because custom characters are fully scriptable, can have any kind of shape and are downloaded automatically, this can be used as a flexible tool to cover and/or spoof any kind of window and lure the user to execute arbitrary code by performing one or two clicks (depending on security zone configuration and Windows version).; tags | advisory, arbitrary, spoof; systems | windows; SHA-256 | 039b06b0507512df1ffd004234a3787a21cf7ec3fdaad643a094cb8696e17771; Download | Favorite | View

mfsa2005-47exploit.txt: Posted Jul 15, 2005; Authored by Michael Krax; Mozilla Firefox versions 1.0.4 and below 'Set As Wallpaper' code execution exploit.; tags | exploit, code execution; SHA-256 | cf5c755d38d84ac4c3f08e88ca55a8bdd553231fbfcb823db2f7c3a759435c57; Download | Favorite | View

firefox101.txt: Posted Mar 25, 2005; Authored by Michael Krax | Site mikx.de; Even though Firefox 1.0.1 patched one of the key bugs behind the firescrolling exploit (the ability of plugins to load chrome files in a hidden frame) the ability to hijack a drag and drop operation and open a privileged xul file is still available.; tags | advisory; SHA-256 | 111d602c6d49d7cf172b6d139521c1cabf83ed7201a241e1186dee257802ea76; Download | Favorite | View

Fireflashing.txt: Posted Feb 23, 2005; Authored by Michael Krax | Site mikx.de; Using plugins like Flash and the -moz-opacity filter, it is possible to display the about:config site in a hidden frame or a new window in Firefox 1.0 and Mozilla 1.7.5.; tags | advisory; advisories | CVE-2005-0232; SHA-256 | c7cedd28bcc9f676fdc00b491f4c17d87ecc083eb62153962929c8cfa0956d21; Download | Favorite | View

Firetabbing.txt: Posted Feb 23, 2005; Authored by Michael Krax | Site mikx.de; The Javascript security manager can be bypassed when a link is dropped to a tab in Firefox 1.0 and Mozilla 1.7.5.; tags | advisory, javascript; advisories | CVE-2005-0231; SHA-256 | 7cec86bc934ea6cea05a1709645f91946c041eac917919abc3f8c3a2521d4edc; Download | Favorite | View

Firedragging.txt: Posted Feb 23, 2005; Authored by Michael Krax | Site mikx.de; Firefox built-in protection against allowing dragged non-image files can be bypassed when an executable is passed with a content-type of image/gif. Tested with Firefox 1.0 and Mozilla 1.7.5.; tags | advisory; advisories | CVE-2005-0230; SHA-256 | 89c610f95e5084fbbd9fffd302c959d26a3a3d494bde761f4320c56b831760b3; Download | Favorite | View

javaSpoof.txt: Posted Jan 12, 2005; Authored by Michael Krax | Site mikx.de; Using javascript, is it still possible to spoof the content of security and download dialogs by covering them with a pop up window. This flaw has gone unpatched for 3 months. Tested with Firefox 1.0, Mozilla 1.7.5 and Netscape 7.1 on Windows XP SP2.; tags | advisory, spoof, javascript; systems | windows; SHA-256 | 8ee325769b4d65b9d4988a856115b8341be0f914bab83c9126520d5e84c1bf3f; Download | Favorite | View

xssEverywhere.txt: Posted Dec 31, 2004; Authored by Michael Krax | Site mikx.de; A series of tests were performed to find Cross-Site Scripting (XSS) vulnerabilities. It quickly turned out that the majority of all major websites suffer from some kind of XSS flaw. This is a disclosure of 175 vulnerabilities at once.; tags | advisory, vulnerability, xss; SHA-256 | 542050829be68249f5087c7bfb911b172ced5e03a109ac853b43196bedcb2e29; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days