Supercookies

Matej Kovacic matej.kovacic at owca.info
Fri Aug 21 07:14:04 UTC 2009


Uuuups, it seems BetterPrivacy allows remote code execution.

"This plugin is currently dangerous for anyone to have installed as it 
is vulnerable to a 0 day exploit which allows remote code execution. I 
won't post the code but let's just say I have a working exploit (though 
benign) running on http://www.scenereleases.info/. The code isn't on 
the actual website, it's a banner ad but if you want to test your luck 
just visit http://www.scenereleases.info/ a few times and within 3 or 4 
tries, as soon as the ad reaches you in rotation you will start hearing 
funny sounds, sound fx from movies, an explosion, some rumbling followed 
by a very creepy loop of someone saying "I've got a virus, I've got a 
virus", very echoed. If you start task manager and then click on the 
applications tab you will see an .exe running called Better Privacy. 
Once you kill that process the sounds will stop. USE THIS PLUGIN ONLY IF 
YOU WANT TO CHANCE GETTING INFECTED BY SOMETHING THAT ACTUALLY DOES 
DAMAGE. Most people aren't as nice as I am to just show you a harmless 
demonstration."

https://addons.mozilla.org/en-US/firefox/addon/6623 (see reviews)...


