Firefox Code Execution Exploit
Ini adalah demo untuk Firefox 1.0.4 Code Execution Exploit.
The “Set As Wallpaper” dialog takes the image url as a parameter without validating it. This allows to execute javascript in chrome and to run arbitrary code. By using absolute positioning and the moz-opacity filter an attacker can easily fool the user to think he is setting a valid image as wallpaper. Right click on the image and choose “Set As Wallpaper”. The demo requests UniversalXPConnect rights, creates c:\booom.bat and launches the batch file that shows a directoy listing in a dos box (Windows only).
Untuk melihat sendiri, sila klik View Demo dan pastikan anda menggunakan Browser Firefox Versi 1.04. Klik kanan (right click) pada image dan anda akan dapat lihat Set As Wallpaper telah disable.
Posted on September 26th, 2005 by SMD
Filed under: Web Development
I am a Free and Open Source Software lover, advocate. I would like to see Open Source grow, and more users being able to use and understand it. I would like to continue to become a part of this growing community, and to grow with it! 
now dah Firefox 1.0.7, this bug masih ada ka aaa?
bugs ni tiada sudah dalam Firefox versi di atas 1.04