Archive for September 12th, 2007

Pompei Party

GNUCITIZEN’s Petko D. Petkov (AKA pdp) just posted an interesting 0DAY disclosure about a QuickTime bug allowing JavaScript chrome privilege escalation on Gecko-based browsers — in other words, a full-fledged remote arbitrary code execution vulnerability.

If you run one of those demos on Microsoft Windows, you’ll see pretty things happening, like calc.exe being launched behind your back.
Both Petko and I said this vulnerability is theoretically cross-platform, but as many reported, it couldn’t actually be reproduced on Mac OS X.
It doesn’t come as a real surprise, though, since this is just another cross-application URI dispatching bug, and the Apple OS has already been shown to manage this issue in a much saner way than its counterpart from Redmond.
At any rate, on Windows at least, this can be exploited to do anything the currently logged-in user can.
Scary, right?

However, thanks to Billy Rios, Thor Larholm and other “URI handler gangsters”, NoScript users have been protected from this and similar possible exploits since 22-Jun-2007.

Even if gnucitizen.org is in your whitelist, nothing bad will happen thanks to the specific top-level chrome protection implemented almost 3 months ago.

Hmm… alert(Math.round((new Date(2007, 5, 22) - new Date(2007, 8, 12)) / 3600 / 24 / 1000)) ==> -82 ;)
