[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities

To: ascii <ascii@xxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities
From: "Guasconi Vincent" <tyoptyop@xxxxxxxxx>
Date: Sun, 1 Jul 2007 01:26:38 +0200

On 7/1/07, ascii <ascii@xxxxxxxxxxxx> wrote:
> carl hardwick wrote:
>> PoC here: http://yathong.googlepages.com/FirefoxFocusBug.html
>> The vulnerability allows the attacker to silently redirect focus
>> [...]
>
> many thanks for sharing this : )
> it's a pretty serious vulnerability as said by Zalewski

Pretty serious for you, me, and some others.
0.02$ that it will never be patched.

-- 
Guasconi Vincent
Etudiant.
http://altmylife.blogspot.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities
  - From: ascii

Prev by Date: Re: [Full-disclosure] New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities
Next by Date: Re: [Full-disclosure] Month of Random Hashes: DAY SEVENTEEN
Previous by thread: Re: [Full-disclosure] New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities
Next by thread: Re: [Full-disclosure] DOS on phrack?
Index(es):
- Date
- Thread