InformAction Forums

How can NoScript help with this vunerability in Firefox? http://secunia.com/advisories/41095

Don't know that there's anything for NoScript to do in this case.

http://www.dslreports.com/forum/r247129 ... ows-Applic

http://www.dslreports.com/forum/r247095 ... vulnerable

http://www.dslreports.com/forum/r247079 ... ws-DLL-bug

http://www.dslreports.com/forum/r247028 ... -patch-out

http://support.microsoft.com/kb/2264107

Worst part is, you or I don't know what to do about this. We may read the links or read the KB but still we don't understand enough to make an intelligent decision.

it would be very difficult to exploit as from what im seeing, you need to have IE go to the site to initiate a share, and then open the html (in the share) inside firefox to exploit it (basically you need user interaction, and cannot be exploited using simple html, (although idk, if this can be exploited by automation ala javascript, but then you see that noscipt stops it), basically unless you are on a corporate setting, you shouldnt worry, as long as take care in what you click in IE (and IE-tab as it is exploitable too) you should be fine

darkassain wrote:it would be very difficult to exploit as from what im seeing, you need to have IE go to the site to initiate a share, and then open the html (in the share) inside firefox to exploit it (basically you need user interaction, and cannot be exploited using simple html, (although idk, if this can be exploited by automation ala javascript, but then you see that noscipt stops it), basically unless you are on a corporate setting, you shouldnt worry, as long as take care in what you click in IE (and IE-tab as it is exploitable too) you should be fine

What about using USB drive, as I understood it you are vunerable if you have one plugged in
http://www.networkworld.com/news/2010/0 ... ml?hpg1=bn

Keep Firefox running until you get updated to next Firefox version (which will contain a fix).
Firefox cannot be exploited while it's already running (you must open a malicious document causing Firefox to be started from the same directory, for the exploit to work).

If keeping Firefox running until the next Firefox release -- currently scheduled for September 7 -- isn't practical, you can work around the vulnerability by starting Firefox from the Firefox icon instead of starting it by clicking on a link or malicious document.

The new MS patch with CWDIllegalInDllSearch=2 prevents the loading of DLLs by local apps from remote CWDs (current working directories). But the safest solution which covers all potential vulnerabilities in this class is to completely block transparent file system access over the internet.

The following applies specifically to XP, but probably to newer windows as well.

There are two windows components that allow transparent folder (UNC) access to remote untrusted resources:

1. Client for Microsoft Networks (SMB over TCP/UDP, port 445 & SMB over NetBIOS over TCP/UDP, ports 137-139). Client for Microsoft Networks can either be completely disabled (properties of the connection), or if needed for LAN sharing, either the router or local firewall can be configured to block outgoing TCP/UDP ports 137-139, 445 to the internet.
2. WebCient service (WebDav protocol over http) - can be disabled through services.msc

you need to have IE

Wrong.

VLC media player & μTorrent (are at least two applications that) have fixed things on their ends.

When MS first published KB 2264107, the downloads were considered non-critical & you needed to verify authenticity first.

A general solution against this type of attack is presented here. The same can be accomplished with Applocker instead of SRP.

(tlu, are you the tlu of SuRun, SUDO?)

How to Delete a Software Restriction Policy (SRP)?

W7: Lets Talk Standard User (Limited) vs Administrator

http://www.dslreports.com/forum/r24723349-

therube wrote:(tlu, are you the tlu of SuRun, SUDO?)

I confess

therube wrote:

you need to have IE

Wrong.

VLC media player & μTorrent (are at least two applications that) have fixed things on their ends.

When MS first published KB 2264107, the downloads were considered non-critical & you needed to verify authenticity first.

if you read my whole post you would have found out that IE is need to initate a webdav share

whether or not VLC or Utorrent are patched or not does not pertain to the topic which you brought up, which is how the exploit is initiated, through a shared folder, of which you can only initiate through IE...