This module exploits a vulnerability found in Mozilla Firefox 3.6. When
an array object is configured with a large length value, the
reduceRight() method may cause an invalid index to be used, allowing
arbitrary remote code execution. Please note that the exploit requires a
longer amount of time (compared to a typical browser exploit) in order
to gain control of the machine.
More: http://www.exploit-db.com/exploits/17612/
When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered that subverts this security mechanism. Note, you do NOT have to be friends with the user to send them a message with an attachment.
When attaching an executable file, Facebook will return an error message stating:
"Error Uploading: You cannot attach files of that type."
When uploading a file attachment to Facebook, we captured the web browser's POST request being sent to the web server. This POST request contains the line:
----------------------------------------------------------------------------------------------------------------------------------------
5. Time Table:
09/30/2011 Reported Vulnerability to the Vendor
10/26/2011 Vendor Acknowledged Vulnerability
10/27/2011 Publicly Disclosed