Firefox 3.5.15 Crash with recursive web-worker calls
October 29, 2009
On Tuesday Mozilla released Firefox 3.5.4 for Windows, Mac, and Linux to patch six critical security holes and some other problems. One of those security holes was from my exploit, which I submitted to Bugzilla on October 9, 2009, CVE.
I have been in contact with Daniel Veditz from Mozilla and it seems that they have fixed the issue which could lead to exploiting the browser, so I have decided to release my PoC.
The issue was in the new web workers which Firefox implemented in their version 3.5 release. I presented the issue at AHA and will post the slides along with the PoC. I originally posted the process for exploiting the vulnerability on sla.ckers.org.
This is just the beginning, give me time, I will learn more and improve my skill set in security research.
Orlando Barrera II
ATM Cheat Sheet
October 29, 2009
First it was Tranax, then Triton, now Hyosung. When will the information leakage stop? Another example of default passwords on mini-ATM compiled in a nice list ;) [ ATM-Cheat Sheet | PDF ].
Message to vendor (Hyosung):
I just wanted to inform your company that there is a security issue dealing with information leakage. The default passwords used to access the manager menu on your ATM machines are available within the public domain. Using Google hacking one is able to locate the operator manuals for several models of ATMs. If you have any questions, please feel free to contact me.
Regards



