Comments on: -82DAY: NoScript pwns Quicktime pwning Firefox

By: Eve

Eve — Wed, 02 Apr 2008 19:16:26 +0000

Funnily enough (nothing to do with the post that is scary enough) that pic is on display at the Amsterdam “Torture Museum”. Visited it last month!

Small world…

By: Old NoScript Tricks Blocking New Vulnerabilities | CorrectServer.com - Servers and Server Software

Wed, 23 Jan 2008 16:12:01 +0000

[…] It happened in the past and it’s happening again: a new directory traversal vulnerability with potential for private data exposure has been publicly disclosed and confirmed by Mozilla, but NoScript users have been protected since August 2007. […]

By: hackademix.net » Old NoScript Tricks Blocking New Vulnerabilities

hackademix.net » Old NoScript Tricks Blocking New Vulnerabilities — Wed, 23 Jan 2008 14:15:51 +0000

By: hackademix.net » Java, Quicktime and Other Good News

hackademix.net » Java, Quicktime and Other Good News — Thu, 04 Oct 2007 05:29:15 +0000

[…] “Quicktime pwns default browsers” bug, after being worked around by Mozilla with the release of Firefox 2.0.0.7, has been […]

By: hackademix.net » Don't Open That Doc!

hackademix.net » Don't Open That Doc! — Thu, 20 Sep 2007 19:55:49 +0000

[…] seen MP3 tunes pwning Firefox (and NoScript promptly counter-pwning), Windows playlists pwning browser security, and finally PDF documents pwning Windows PCs. This […]

By: ·¨-=[WHK]=-¨· » Archive » Zero day en QuickTime de apple permite la ejecución de códigos remotamente (

Fri, 14 Sep 2007 19:43:01 +0000

[…] hackademix.net » -82DAY: NoScript pwns Quicktime pwning Firefox […]

By: Quicktime bug dangerous for Firefox users «

Quicktime bug dangerous for Firefox users « — Thu, 13 Sep 2007 04:48:57 +0000

[…] users can protect themselves against this exploit by using the NoScript extension. According to this post at hackademix.net, the addon will prevent Petkov’s exploit from working even if a user has […]

By: Giorgio

Giorgio — Thu, 13 Sep 2007 03:40:08 +0000

@hmm:
You wrote:

ever thought about just overhauling the javascript engine in firefox to only exec the known good instead of the known bad?
[…]limiting the function calls implementing in the ff javascript stack to a discrete few[…]

Can you show me what’s “known good” and what’s “known bad” with JavaScript?
It’s a Turing complete, dynamic and the browser DOM allows it to do the same thing in a million of ways, so good luck with that.
Just to stay with the DOM API, I’d just not know where to start: XMLHttpRequest? document.cookie? window.location? Image? node.innerHTML? document.createNode?
Any suggestion is welcome…

@bugstomper:
you’re right, it doesn’t work on Mac OS X and the reason is quite clear. I’m updating my post to reflect this.

By: bugstomper

bugstomper — Thu, 13 Sep 2007 00:19:13 +0000

The proof of concept doesn’t work on my Firefox 2.0.0.6 under MacOS 10.4.9, and I don’t have NoScript installed. When I try his POC, I first get an alert telling me that I’m trying to authenticate as username chrome%20javascript on site mozilla.org that does not require authentication, it may be an attempt to trick me, and asking if mozilla.org is the site I want to visit. Even if I click Yes, the resulting URL is not a chrome one, but is http://mozilla.org/…. followed by what looks like the attempted exploit code. Instead of running the exploit, that simply results in a 404 not found error from mozilla.org.

pdp says on his site that the vulnerability is cross-platform, and I see everyone quoting him on that, but he also said he doesn’t have a Mac and hasn’t tried it on one.

By: securology

securology — Wed, 12 Sep 2007 13:48:24 +0000

Another separation of code and data issue …

Again. Just another example of why it is important to separate executable code from data objects …