<?xml version="1.0" encoding="UTF-8"?><!-- generator="WordPress/2.5.1" -->
<rss version="0.92">
<channel>
	<title>Larholm.com</title>
	<link>http://larholm.com</link>
	<description>Me, myself and I</description>
	<lastBuildDate>Mon, 01 Oct 2007 15:04:43 +0000</lastBuildDate>
	<docs>http://backend.userland.com/rss092</docs>
	<language>en</language>
	
	<item>
		<title>QuickTime qtnext 0day for IE</title>
		<description>Last Wednesday, pdp published a 0day exploit for the QuickTime plugin in Firefox that allowed you to instantiate a separate Firefox instance with arbitrary command line arguments. Since Firefox has published a remedy for this in the form of Firefox 2.0.0.7, I thought I would detail how you can accomplish ...</description>
		<link>http://larholm.com/2007/09/19/quicktime-qtnext-0day-for-ie/</link>
			</item>
	<item>
		<title>Silverlight 1.0 Release Candidate</title>
		<description>Yesterday I was at a Silverlight conference in Copenhagen which was actually quite interesting. For those of you who might not know what Silverlight is, it is a Flash competitor developed by Microsoft based on Windows Presentation Foundation and XAML. If you are not interested in Silverlight development in general ...</description>
		<link>http://larholm.com/2007/08/31/silverlight-10-release-candidate/</link>
			</item>
	<item>
		<title>Remote variable leakage</title>
		<description>The summer is officially over and I hope yours has been as fun as mine. I didn't go to Blackhat or DefCon this year, so I hope the rest of you had a good time for me. As for this site, it's time to start writing some articles again :)

Ronald ...</description>
		<link>http://larholm.com/2007/08/14/remote-variable-leakage/</link>
			</item>
	<item>
		<title>Thunderbird 1.5 has not been patched with osint</title>
		<description>In my previous post I detailed how the Mozilla suite has an unpatched input validation vulnerability in how it handles URL protocol handlers. Together with this I detailed several XPI exploits that could be used to target Thunderbird 2.0.0.4.

I detailed my reason for publishing this vulnerability report in my Bugtraq ...</description>
		<link>http://larholm.com/2007/07/26/thunderbird-15-has-not-been-patched-with-osint/</link>
			</item>
	<item>
		<title>Mozilla Protocol Abuse</title>
		<description>This is the vulnerability report that I promised in "Handling URL protocol handlers". You can download the entire report together with the XPI exploits at http://larholm.com/media/2007/7/mozillaprotocolabuse.zip. The exploits have been successfully tested with Firefox 2.0.0.5 and Thunderbird 2.0.0.4; Thunderbird 2.0.0.5 is not vulnerable due to the "osint" flag.


Mozilla Protocol Abuse
Cross-application ...</description>
		<link>http://larholm.com/2007/07/25/mozilla-protocol-abuse/</link>
			</item>
	<item>
		<title>Handling URL protocol handlers</title>
		<description>There is a lot of talk about how an application should handle URL protocol handlers. Jesper Johansson has expressed his thoughts, as have David LeBlanc, Billy Rios, Window Snyder and pdp. Billy Rios just detailed yet another potential attack vector for protocol abuse.

I don't think it is the responsibility of ...</description>
		<link>http://larholm.com/2007/07/25/handling-url-protocol-handlers/</link>
			</item>
	<item>
		<title>SeaMonkey suite affected by URL vulnerability</title>
		<description>This is really just a short note to detail what others have surely discovered as well.

The Mozilla Corporation released Firefox 2.0.0.5 on July 17, followed by the release of Thunderbird 2.0.0.5 on July 19. Both of these releases tightened up the input validation performed on command line arguments, specifically to ...</description>
		<link>http://larholm.com/2007/07/23/seamonkey-suite-affected-by-url-vulnerability/</link>
			</item>
	<item>
		<title>Firefox fixes Internet Explorer flaw</title>
		<description>Mozilla has just released Firefox 2.0.0.5 which purportedly fixes one of the attack vectors of the Internet Explorer input validation flaw that I previously detailed. I will go on the record as stating that this does not actually fix the flaw in Internet Explorer, but simply patches one of the ...</description>
		<link>http://larholm.com/2007/07/18/firefox-fixes-internet-explorer-flaw/</link>
			</item>
	<item>
		<title>Internet Explorer 0day Exploit</title>
		<description>There is an input validation flaw in Internet Explorer that allows you to specify arbitrary arguments to the process responsible for handling URL protocols. This is the same type of input validation vulnerability that I discovered in the Safari 3 beta (see "Safari for Windows, 0day exploit in 2 hours").

When ...</description>
		<link>http://larholm.com/2007/07/10/internet-explorer-0day-exploit/</link>
			</item>
	<item>
		<title>PHPMailer security updates</title>
		<description>On June 11 I published an input validation vulnerability in PHPMailer, CVE-2007-3215. Since then, a number of applications have manually patched their PHPMailer source files and released updates.

	WordPress 2.2.1
	Symfony 1.0.5
	Debian DSA-1315-1 libphp-phpmailer
	knowledgeroot Knowledgebase 0.9.8.3
	IPplan 4.86a

Unfortunately, PHPMailer itself has not released an official update and is still being distributed with the ...</description>
		<link>http://larholm.com/2007/06/27/phpmailer-security-updates/</link>
			</item>
</channel>
</rss>
