February 7th, 2006, 07:31 PM
OK, it has just been too quiet on here today for new security news, so I thought I should shake things up!
I just received a Beta exploit for the Firefox vulnerability annouced here back on Feb. 1st. The exploit is for the Metasploit framework and is not yet published on their site. This is straight from the exploit code:
It's patching time!
This module exploits a code execution vulnerability in the Mozilla Firefox browser. To reliably exploit this vulnerability, we need to fill almost a gigabyte of memory with our nop sled and payload. This module has been tested on Gentoo Linux with the stock mozilla-firefox 126.96.36.199 package.
BTW - I did notice that the SANS ISC is aware of this.
******* EDIT *******
D'oh! I just noticed how I spelled Firefox on the title of the thread. Sorry.
If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
- Sun Tzu
, The Art of War