Supercookies

Matej Kovacic matej.kovacic at owca.info
Fri Aug 21 07:41:54 UTC 2009


Uuups, it seems BetterPrivacy allows remote code execution:

This plugin is currently dangerous for anyone to have installed as it is 
vulnerable to a 0 day exploit which allows remote code execution. I wont 
post the code but lets just say I have a working exploit ( though benign 
) running on http://www.scenereleases.info/. The code isn't on the 
actual website, its a a banner ad but if you want to test your luck just 
visit http://www.scenereleases.info/ a few times and within 3 or 4 
tries, as soon as the add reaches you in rotation you will start hearing 
funny sounds, sound fx from movies, an explosion, some rumbling followed 
by a very creepy loop of someone saying "Ive got a virus, Ive got a 
virus very echoed. If you start task manager and then click on the 
applications tab you will see an .exe running called Better Privacy. 
Once you kill that process the sounds will stop. USE THIS PLUGIN ONLY IF 
YOU WANT TO CHANCE GETTING INFECTED BY SOMETHING THAT ACTUALLLY DOES 
DAMAGE. Most people arent as nice as I am to just show you a harmless 
demonstration.

See reviews at: https://addons.mozilla.org/en-US/firefox/addon/6623



More information about the tor-talk mailing list