Firefox 3.6.3 - DOS PoC Exploit

June 03, 2010

DOS PoC which 'may' be exploitable. If a user has the AVG Safe Search 9.0.0.825 add-on installed while running FF 3.6.3 on Vista, a DEP violation can be triggered.
This issue may be leveraged by a malicious attacker to get remote code to execute in the context of the user.
Bug ID: 569953
PoC | Stack Trace | Screen Captures



Firefox 3.6 DOS

March 10, 2010

Just another lame DOS. PoC



Firefox 3.5.15 Crash with recursive web-worker calls

April 09, 2010

Cool, just got a check from Mozilla for a bug-bounty.

Mozilla Check

October 29, 2009

On Tuesday Mozilla released Firefox 3.5.4 for Windows, Mac, and Linux to patch six critical security holes and some other problems. One of those security holes was from my exploit which I submitted to Bugzilla on October 9, 2009, CVE.

I have been in contact with Daniel Veditz from Mozilla and it seems that they have fixed the issue which could lead to exploiting the browser, so I have decided to release my PoC.

The issue was in the new web workers which Firefox implemented in their version 3.5 release. I presented the issue at AHA and will post the slides along with the PoC. I originally posted the process for exploiting the vulnerability on sla.ckers.org.

This is just the beginning, give me time, I will learn more and improve my skill set in security research.

Orlando Barrera II

ATM Cheat Sheet

October 29, 2009

First it was Tranax, then Triton, now Hyosung. When will the information leakage stop? Another example of default passwords on mini-atm compiled in a nice list ;) [ ATM-Cheat Sheet | PDF ].

Message to vendor (Hyosung):
I just wanted to inform your company that there is a security issue dealing with information leakage. The default passwords used to access the manager menu on your ATM machines are available within the public domain. Using Google hacking one is able to locate the operator manuals for several models of ATMs. If you have any questions please feel free to contact me. Regards
