republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Firefox 2 is vulnerable to ANI flaw
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
I might have gotten SystemDoctor... »
« MS Security Bulletin Advanced Notification for 4/3/2007  
AuthorAll Replies


Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire		reply to matunga
Re: Firefox 2 is vulnerable to ANI flaw

the poc listed below did not crash FF (on either XP or W2K)

»zert.isotf.org/tests/testani.htm

It closed IE7 but not IE6

Cudni
to forum · permalink · · 2007-04-03 11:42:18 · Reply to this


CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX		 Hmm... with hardware DEP on... It didn't crash ff or cause IE7 to close...
--
da Cajun Darn I hate Malware
to forum · permalink · · 2007-04-03 12:00:59 · Reply to this

Jrb2
Premium
join:2001-08-31

reply to Cudni
Hi Cudni,

IMON (NOD32) immediately jumps up with a warning (see screenie) when clicking on that link.
Then I see: "you do not appear to be vulnerable to the ie ani cursor exploit" (etc etc).
to forum · permalink · · 2007-04-03 12:10:28 · Reply to this


AB
Premium
join:2006-04-04
Leesburg, VA

reply to Cudni
said by Cudni See Profile :

the poc listed below did not crash FF (on either XP or W2K)

»zert.isotf.org/tests/testani.htm

It closed IE7 but not IE6
The screenshot is what I get with Firefox 2.0.0.3 at that link.

I notice they call it an "ie exploit". Just poor characterization on their part?
to forum · permalink · · 2007-04-03 12:29:15 · Reply to this


somebodynew5

@direcpc.com

 I think the biggest problem with these Proof of Concept test pages is people think that just because they pass one particular test that says their system is safe they think they are safe.

These proof of concept pages often only test a limited subset of all possible attack vectors. So while one proof of concept page may only trigger the exploit under IE there may also be attack vectors available under Firefox that are simply not exploited by the particular POC test page. A simple change to the exploit code may be able to attack using other browsers or avenues of exploit.

Much like all pages do not render the same under all browser many core operating system exploits require some minor code changes to target other browsers.

So any time the flaw is located in the underlying operating system just using a different browser may not close all available attack vectors. It all depends on the actual exploit. In this case the exploit can be triggered by some CSS code to load a ANI cursor file, So with some tweaks I am sure it is quite possible to cause Firefox to attempt to load a ANI file into windows.
to forum · permalink · 2007-04-03 13:41:18 · Reply to this


CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX		 Just an FYI folks.. there is a patch available at windows update... even as I type...
--
da Cajun Darn I hate Malware
to forum · permalink · · 2007-04-03 13:46:56 · Reply to this


AB
Premium
join:2006-04-04
Leesburg, VA

reply to somebodynew5
said by somebodynew5 :

I think the biggest problem with these Proof of Concept test pages is people think that just because they pass one particular test that says their system is safe they think they are safe.

These proof of concept pages often only test a limited subset of all possible attack vectors. . . .

. . In this case the exploit can be triggered by some CSS code to load a ANI cursor file, So with some tweaks I am sure it is quite possible to cause Firefox to attempt to load a ANI file into windows.
I don't doubt this for a moment.
to forum · permalink · · 2007-04-03 13:49:44 · Reply to this


fishmaster
Premium
join:2004-10-08
Rockford, IL
·Comcast
·Insight Communicat..

1 edit

after patch ani alert
Well FF did not appear vulnerable until I click the IE tab. Opera is not vulnerable either. However after installing the update I still got this in IE7...see pic...makes a dude wonder?? aye?
to forum · permalink · · 2007-04-03 16:28:24 · Reply to this


dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast

1 edit
Click for full size
#1 SMALL picture even when clicked on... cannot read text.

#2 No problems here in IE 7 after patch.
--
Think outside the Fox... Opera
to forum · permalink · · 2007-04-04 12:12:58 · Reply to this
Forums » Up and Running » Security » SecurityI might have gotten SystemDoctor... »
« MS Security Bulletin Advanced Notification for 4/3/2007  

Sunday, 29-Nov 14:05:10 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [124] Time Warner Cable Fires Broadside At Broadcasters
· [112] New AT&T Ad Campaign Hits Back At Verizon
· [96] Apple Joins AT&T Verizon Snark Fest
· [87] New Bill Takes Aim At Higher Verizon ETFs
· [80] TiVo Sees Record Customer Losses
· [77] Weekend Open Thread
· [76] Verizon CEO: Hulu Will Be Dead Soon
· [69] In-Flight Internet Headed For Bumpy Landing?
· [62] Thanksgiving Open Thread
· [40] EFF Wages War On Fine Print
Most people now reading
· Is Easynews down? [Filesharing Software]
· Are GPS's better today? [General Questions]
· Windows 7 boot manager editing questions [Microsoft Help]
· [NFL] Week 12 Games Thread [Sports Chat]
· Grey Cup on the Web? [Canadian Chat]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· What is the spell hit cap for a lvl 80 full arcane spec mage [World of Warcraft]
· [Newsgroups] Newzleech down? [Filesharing Software]
· Anyone have a problem [Software]
· Evading throttling with uTP / uTorrent 1.9a [TekSavvy]