[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: Mozilla Firefox Certificate Spoofing

To: evilninja@xxxxxxx
Subject: [Full-Disclosure] Re: Mozilla Firefox Certificate Spoofing
From: Aviv Raff <avivra@xxxxxxxxx>
Date: Mon, 2 Aug 2004 09:43:51 +0300

evilninja wrote:
>i was not able to reproduce it in "Gecko/20040719 Firefox/0.9.1" either.
>all i get is the real https:// site and this in the JS log:
>Error: unterminated string literal
>Source File:
>Line: 1, Column: 17
>Source Code:
>document.writeln('<body onload=document.close();break;>

The original PoC contains an invalid JS code in the onunload event.
I've created a copy of the PoC without the problematic apostrophe that
causes the JS code to be invalid.
Here: http://avivra.europe.webmatrixhosting.net/moz/certspoof1.html

-- Aviv Raff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] change the value of Cookies
Next by Date: Re: [Full-Disclosure] 0xdefaced[6]
Previous by thread: Re: [Full-Disclosure] Re: Mozilla Firefox Certificate Spoofing
Next by thread: Re: [Full-Disclosure] Automated SSH login attempts?
Index(es):
- Date
- Thread