Re: Firescrolling [Firefox 1.0]

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 02/28/05

  • Next message: John Groth: "Re: Problems with MS05-013" 
    Date:         Mon, 28 Feb 2005 15:23:31 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Compendium of responses;

    Lukasz Szmit
    -----
    Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 makes your proof-of-concept fail. However my browser runs a non-default config. Javascript is enabled and adblock is not blocking flash. The result of running the code is a new tab with chrome://browser/content/openLocation.xul prompting for input.
    -----

    Eric McCarty
    -----
    Confirmed Exploit works in Firefox 1.0, however on a side note Microsoft Anti-spyware prevented the script from executing.
    -----

    Jason Beauford asked;
    -----
    looked at:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html
    Are you sure its fixed???
    -----

    Cheers,
    Russ - NTBugtraq Editor 

    --
NTBugtraq Editor's Note:
Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
--
  • Next message: John Groth: "Re: Problems with MS05-013"