ClsHack:Computer Security Blog    

New module added to Metasploit that will allow you to create a fake extension for firefox that once installed will allow us to open a session metasploit.

Read by the module:

This exploit dynamically creates a .xpi addon file.
The resulting bootstrapped Firefox addon is presented to
the victim via a web page with. The victim’s Firefox browser
will pop a dialog asking if they trust the addon.

Once the user clicks “install”, the addon is installed and
executes the payload with full user permissions. As of Firefox
4, this will work without a restart as the addon is marked to
be “bootstrapped”. As the addon will execute the payload after
each Firefox restart, an option can be given to automatically
uninstall the addon once the payload has been executed.

Let's see how to use Metasploit:)

(more…)

Each time I format the pc, I break to reinstall all the firefox extensions that allow me to analyze a site, or to work.
With Mantra Security Toolkit I will not have this problem :D
From the official website:

OWASP Mantra is a powerful set of tools to make the attacker’s task easier. The beta version of Mantra Security Toolkit contains following tools built onto it. Moreover Mantra follows the guidelines and structure of FireCAT which makes it even more accessible. You can also always suggest any tools/ scripts that you would like see in the next release.

I found this very useful with all browsers preinstalled, based on firefox and high performance.
(more…)

Sorry if I write little :P but I'm pretty busy in a little o.o’ IBM System I start a course , During a Confederation of .. football .. school and I left very little time ;)
So I do not have much time to finish my projects, or doing my own tests :) but just a moment I'll go ahead with my experiments.

Overview

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

This exploit turned a long and time the form is also available for Metasploit ;)
(more…)

I've discussed previously, how to put the turbo fox, Now to the case when, I discover the existence of a firefox, (currently version 3.6.*) already optimized and quite fast, Linux for the destruction.
In related articles(at the bottom of this article), You can find other ways to optimize firefox on linux and windows.

Let's see how to install it on ubuntu and derivatives :)
(more…)

Mozilla Thunderbird is a mail client and news (able to handle RSS feeds and Newsgroups) developed by Mozilla and completely free.

Thunderbird 3 is available for Microsoft Windows, GNU/Linux, Mac OS X .

Supports extensions (additional functionality to be installed according to the requirements) and themes (with which you can customize the look of the program).

Other features of the program are:

• a Bayesian anti-spam;

(more…)