################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
 

Firefox 3.0.1 (final release) Unspecified Remote Code Execution Vulnerability 

################################################################ 
Author: Beenu Arora 
Address: www.beenuarora.com 
################################################################ 
 
 
#Python Dark Scripts: www.beenuarora.com/work.html 
 
################################################################ 
#Date Found: 21/08/08 
#Severity: High 


Operating System : Windows Vista  


Successfully exploiting this issue would allow an attacker to execute arbitrary code on an affected computer. Failed attacks will cause denial-of-service conditions.

xul.dll causes an access violation exception (0xC0000005) when trying to write to memory location 0x032785d0 on thread 0.

Thread 0 : 

Thread 0 - System ID 5768
Entry point   0x00000000 
Create time   28-08-2008 20:09:40 
Time spent in user mode   0 Days 00:00:38.797 
Time spent in kernel mode   0 Days 00:00:28.204 

Function   Source 
0x032785d0    
xul!NS_CycleCollectorSuspect_P+1692    
xul!NS_CycleCollectorSuspect_P+2a5    
xul!NS_CycleCollectorSuspect_P+310    
xul!NS_CycleCollectorForget_P+6e    
xul!gfxASurface::GetDefaultContextFlags+a568a    
xul!NS_GetComponentRegistrar_P+42ea    
xul!gfxWindowsNativeDrawing::PaintToContext+39cf5    
xul!NS_CycleCollectorSuspect_P+246c2    
xul!gfxWindowsPlatform::UpdateFontList+45af    
xul!NS_CycleCollectorForget_P+10f37    
xul!NS_CycleCollectorForget_P+1189a    
xul!gfxFont::~gfxFont+702    
xul!gfxWindowsPlatform::ResolveFontName+b1a8    
js3250!JS_FinalizeStub+911    
nspr4!PR_Unlock+39    
xul!gfxASurface::GetDefaultContextFlags+23fa    
xul!NS_InvokeByIndex_P+328ad    
xul!NS_CycleCollectorForget_P+17925    
xul!gfxWindowsFontGroup::GroupFamilyListToArrayList+11a4    
xul!NS_CycleCollectorForget_P+22f5a 


Module Information
 
Image Name: C:\Program Files\Mozilla Firefox\xul.dll     Symbol Type:  Export 
Base address: 0x6afc0000                                 Time Stamp:  Wed Jul 02 21:58:44 2008  
Checksum: 0x009488a3  
COM DLL: False                                           Company Name:  Mozilla Foundation 
ISAPIExtension: False   
ISAPIFilter: False                                       File Version:  1.9.0.1 
Managed DLL: False                                       Internal Name:  libxul 
VB DLL: False                                            Legal Copyright:  License: MPL 1.1/GPL 2.0/LGPL 2.1 
Loaded Image Name:  xul.dll                              Legal Trademarks:  Mozilla 
Mapped Image Name:     
Module name:  xul                                        Private Build:   
Single Threaded:  False                                  Product Name:  Firefox 
Module Size:  9.34 MBytes                                
Symbol File Name:  xul.dll                                 
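
Added triage example (not part of the original advisory): the report lists "Symbol Type: Export" for xul.dll, so each frame name is only the nearest exported symbol and large offsets mean the real function is not identified. The Python below parses the top frames of thread 0 and labels how far each can be trusted; the 0x1000 offset threshold is an assumed heuristic, and the module size is the rounded "9.34 MBytes" from the table.

```python
import re

# Values taken from the Module Information table above.
XUL_BASE = 0x6AFC0000
XUL_SIZE = int(9.34 * 1024 * 1024)   # "9.34 MBytes", rounded by the report

# Assumption: offsets beyond this from an export are treated as suspect.
MAX_TRUSTED_OFFSET = 0x1000

# Top seven frames of thread 0, copied from the trace above.
TRACE = """\
0x032785d0
xul!NS_CycleCollectorSuspect_P+1692
xul!NS_CycleCollectorSuspect_P+2a5
xul!NS_CycleCollectorSuspect_P+310
xul!NS_CycleCollectorForget_P+6e
xul!gfxASurface::GetDefaultContextFlags+a568a
xul!NS_GetComponentRegistrar_P+42ea
"""

FRAME_RE = re.compile(r"^(?P<mod>\w+)!(?P<sym>.+)\+(?P<off>[0-9a-fA-F]+)$")

def parse_frame(line):
    """Return a dict describing one frame line of the report."""
    line = line.strip()
    m = FRAME_RE.match(line)
    if m:
        return {"kind": "symbol", "module": m["mod"], "symbol": m["sym"],
                "offset": int(m["off"], 16)}
    if re.fullmatch(r"0x[0-9a-fA-F]+", line):
        return {"kind": "address", "address": int(line, 16)}
    raise ValueError(f"unrecognised frame: {line!r}")

def triage(trace=TRACE):
    """Label each frame with how far its name or address can be trusted."""
    out = []
    for line in filter(str.strip, trace.splitlines()):
        f = parse_frame(line)
        if f["kind"] == "address":
            inside = XUL_BASE <= f["address"] < XUL_BASE + XUL_SIZE
            f["note"] = "inside xul.dll" if inside else "outside xul.dll image"
        elif f["offset"] > MAX_TRUSTED_OFFSET:
            f["note"] = "nearest export only; real function unknown"
        else:
            f["note"] = "plausibly inside the named export"
        out.append(f)
    return out

if __name__ == "__main__":
    for f in triage():
        print(f)
```

Reproducing the crash with full debug symbols for this build replaces the nearest-export names with the actual functions.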


################################################################ 
 ______________________________________________________________________________________ 
|Greetz: D3hydr8,rascal,rsauron,patrick,baltazar,sinner_01 and rest of team members.  | 
|_____________________________________________________________________________________|