The Un-Official Proxomitron Forum / Proxomitron Filters / Privacy/Security/Spam / Mozilla browser "about:" exploit


Post Reply 
Mozilla browser "about:" exploit
Dec. 08, 2004, 08:08 AM
Post: #1
Siamesecat Offline
Member
****
 		Posts: 500
Joined: Mar 2004
 
Here is a crash exploit which works on Mozilla browsers:
http://maas-online.nl/security/poc-mozilla-crash.html

The crash actually occurs when the browser tries to print an iframe, but I think that allowing the use of about: <string> is inadvisable when it comes from web pages.
I wrote a filter to stop it. If anybody has any suggestion for improvement, I'd welcome it. For example, can other tags be used for such a thing, and is "src=" the only way in which something like that could be set up?

Code:
Name = "About: * Exploit (Mozilla)"
Active = TRUE
Bounds = "<(a|img|image|iframe|input|script)*></(a|img|image|iframe|input|script|br)>"
Limit = 250
Match = "*src=$AV(about:\1)*"
Replace = "Exploit: about:\1"
Add Thank You Quote this message in a reply
Post Reply 


Messages In This Thread
[] - Siamesecat - Dec. 08, 2004 08:08 AM
[] - sidki3003 - Dec. 08, 2004, 05:17 PM
[] - Siamesecat - Dec. 09, 2004, 06:30 AM
[] - sidki3003 - Dec. 09, 2004, 12:09 PM
[] - Kye-U - Dec. 09, 2004, 08:55 PM
[] - Siamesecat - Dec. 10, 2004, 07:39 AM
[] - Siamesecat - Dec. 10, 2004, 08:13 AM
[] - sidki3003 - Dec. 10, 2004, 12:32 PM
[] - Siamesecat - Dec. 12, 2004, 07:21 AM
[] - sidki3003 - Dec. 12, 2004, 05:16 PM
[] - Oddysey - Dec. 12, 2004, 05:56 PM
[] - sidki3003 - Dec. 12, 2004, 07:17 PM
[] - sidki3003 - Dec. 12, 2004, 08:21 PM
[] - Oddysey - Dec. 12, 2004, 11:09 PM
[] - sidki3003 - Dec. 13, 2004, 02:32 AM
[] - Kye-U - Dec. 15, 2004, 04:40 AM
[] - Kye-U - Dec. 25, 2004, 07:37 AM

Forum Jump:


Contact Us | The Un-Official Proxomitron Site | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication