Firefox and spyaxe

Discussion in 'other security issues & news' started by Mrkvonic, Dec 4, 2005.

Thread Status:
Not open for further replies.
  1. When I mean old hat, I mean not only the example, but the moral of the story. Exploits can cause remote code execution. And yes, even for Firefox it has happened.

    I'd be really surprised if anyone posting in this thread didn't know it. What TNT said in the post below about being unaware of any FF 1.5 exploits probably summed it up best.

    The only thing a few of us were interested in was whether you found some new trick.


    From various other posts made by you, I gather the moral of the story you are trying to show is, you need an "Anti-executable" but not a firewall. ;)
     
  2. TNT

    TNT Registered Member
    Joined: Sep 4, 2005
    Posts: 948

    Well, that's a vulnerability all right, but it's a denial of service only against Firefox itself and if you've been "hit" you can just remove history.dat and you'll be fine. Doesn't seem all that to me. :rolleyes: Certainly very different from what has been described about the Spyaxe exploit/background installation.
     
  3. Well yeah so I thought, but if you read the advisory, there's a possibility of a remote code execution using the same flaw.

    The method of setting history to zero days (something I do anyway), might work, I don't know.
     
  4. TNT

    TNT Registered Member
    Joined: Sep 4, 2005
    Posts: 948

    Ok, I read the advisory and it does mention code execution. But anyway, this is to be expected with much software. I wouldn't call an existing Firefox vulnerability something very surprising; what would be actually surprising is seeing a malware distributor finding one and exploiting it before it's even known. Most of the time these people are just nothing more than particularly nasty script kiddies, i.e. they don't do any research at all, they look for known vulnerabilities in software (found by someone else) and they try to exploit these; in fact, sometimes they don't even look for these, they just try to exploit people's lack of knowledge (i.e. the ever present "your system is infected by spyware" banners). I'm sure that somewhere some "security experts gone bad" do actually exist and they do create 0-day exploits for malware installation... but that's like what, maybe 1 every 50,000 of them.
     
  5. I agree. What you say goes for IE too. But I seem to recall there was at least one known case of an IE problem coming to light when someone analysed some actual malware/webpage.

    So it does happen, though not for Firefox yet, mainly because it's not worth it yet to do (or buy) serious research for something that affects 10% of people.
     
  6. Nick

    Nick Registered Member
    Joined: May 14, 2002
    Posts: 187
    Location: California

    I posted that link because there are many people who believe that once they use Firefox, they can do whatever they want to without worrying about consequences. We'll probably never know exactly what happened with the englishguy, but he was probably under the false assumption that he was immune to stuff because he was using Firefox. With that assumption, who knows what happened.

    My point was you can't assume you are safe because you are using Firefox. When I read that the englishguy was surprised that he got Spyaxe from using Firefox, I saw that as an example of what many people mistakenly believe.
     
  7. Mrkvonic

    Mrkvonic Linux Systems Expert
    Joined: May 9, 2005
    Posts: 10,224

    Hello,
    I never said you cannot get infected with Firefox. I said I have never heard of that happening. And after reading the blog, I was not convinced. From what paperghost asserted back at SW, you have to click something for evil to happen. If you click, then it's not an exploit, but a deliberate mistake.
    I don't think that by merely visiting that page, staying on it for 4 min and then closing the browser (Firefox), that you will get infected.
    And I think setting up a serious test could be valuable.
    Try FF 1.0.* and 1.5 on various platforms (win2k, xp, xp sp1, xp sp2), with varying levels of 'patchedness', then add NoScript into the picture, then Proxomitron web filter, see what happens...
    Mrk
     