################################################################ # .___ __ _______ .___ # # __| _/____ _______| | __ ____ \ _ \ __| _/____ # # / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ # # / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ # # \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ # # \/ \/ \/ # # ___________ ______ _ __ # # _/ ___\_ __ \_/ __ \ \/ \/ / # # \ \___| | \/\ ___/\ / # # \___ >__| \___ >\/\_/ # # est.2007 \/ \/ forum.darkc0de.com # ################################################################ Firefox 3.0.1 (final release) Unspecified Remote Code Execution Vulnerability ################################################################ Author: Beenu Arora Address: www.beenuarora.com ################################################################ #Python Dark Scripts: www.beenuarora.com/work.html ################################################################ #Date Found: 21/08/08 #Severity: High Operating System : Windows Vista Successfully exploiting this issue would allow an attacker to execute arbitrary code on an affected computer. Failed attacks will cause denial-of-service conditions. xul.dll causes an access violation exception (0xC0000005) when trying to write to memory location 0x032785d0 on thread 0 Thread 0 : Thread 0 - System ID 5768 Entry point 0x00000000 Create time 28-08-2008 20:09:40 Time spent in user mode 0 Days 00:00:38.797 Time spent in kernel mode 0 Days 00:00:28.204 Function Source 0x032785d0 xul!NS_CycleCollectorSuspect_P+1692 xul!NS_CycleCollectorSuspect_P+2a5 xul!NS_CycleCollectorSuspect_P+310 xul!NS_CycleCollectorForget_P+6e xul!gfxASurface::GetDefaultContextFlags+a568a xul!NS_GetComponentRegistrar_P+42ea xul!gfxWindowsNativeDrawing::PaintToContext+39cf5 xul!NS_CycleCollectorSuspect_P+246c2 xul!gfxWindowsPlatform::UpdateFontList+45af xul!NS_CycleCollectorForget_P+10f37 xul!NS_CycleCollectorForget_P+1189a xul!gfxFont::~gfxFont+702 xul!gfxWindowsPlatform::ResolveFontName+b1a8 js3250!JS_FinalizeStub+911 nspr4!PR_Unlock+39 xul!gfxASurface::GetDefaultContextFlags+23fa xul!NS_InvokeByIndex_P+328ad xul!NS_CycleCollectorForget_P+17925 xul!gfxWindowsFontGroup::GroupFamilyListToArrayList+11a4 xul!NS_CycleCollectorForget_P+22f5a Module Information Image Name: C:\Program Files\Mozilla Firefox\xul.dll Symbol Type: Export Base address: 0x6afc0000 Time Stamp: Wed Jul 02 21:58:44 2008 Checksum: 0x009488a3 COM DLL: False Company Name: Mozilla Foundation ISAPIExtension: False ISAPIFilter: False File Version: 1.9.0.1 Managed DLL: False Internal Name: libxul VB DLL: False Legal Copyright: License: MPL 1.1/GPL 2.0/LGPL 2.1 Loaded Image Name: xul.dll Legal Trademarks: Mozilla Mapped Image Name: Module name: xul Private Build: Single Threaded: False Product Name: Firefox Module Size: 9.34 MBytes Symbol File Name: xul.dll ################################################################ ______________________________________________________________________________________ |Greetz: D3hydr8,rascal,rsauron,patrick,baltazar,sinner_01 and rest of team memebers. | |_____________________________________________________________________________________|