[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
- To: carl hardwick <hardwick.carl@xxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
- From: Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx>
- Date: Sat, 1 Dec 2007 17:24:56 +0200 (EET)
Netscape Navigator version 9.0.0.4 is affected too. Test done with PoC-type URL
mentioned on Mac OS X 10.4.10 fully patched.
Vendor was contacted on 1st Dec 2007.
- Juha-Matti
carl hardwick <hardwick.carl@xxxxxxxxx> wrote:
> Firefox 2.0.0.11 File Focus Stealing vulnerability:
>
> Sorry Mozilla, but the recent file focus fix was not enough. I think
> Mozilla made another mistake while fixing the previous file/label
> issue. Because now I embed a file field and a textfield inside one
> label. When this happens, and you type only one time in the textfield,
> the focus travels to the file field and the value travels with it.
> Back to the drawing board I would say. I only got it to work in
> Firefox, Gareth checked Safari for me, and it also works in Safari. I
> guess this type of exploit could function on other HTML objects as
> well, and could be very dangerous because it only requires a one time
> focus in a textfield.
>
> PoC here:
> http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.htm
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/