[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability

To: "Nate McFeters" <nate.mcfeters@xxxxxxxxx>
Subject: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
From: "Static Rez" <staticrez@xxxxxxxxx>
Date: Sat, 1 Dec 2007 15:00:22 -0500

Doesn't work in Gran Paradiso 3.0a7

On Dec 1, 2007 12:37 PM, Nate McFeters <nate.mcfeters@xxxxxxxxx> wrote:

>
> More than likely all the gecko based browsers will be vulnerable to this.
> So that would include Mozilla, Camino, SeaMonkey... possibly even things
> like Thunderbird if you could get it to render.
>
> Nice find guys!
>
> Nate
>
> On 12/1/07, Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx> wrote:
> >
> > Netscape Navigator version 9.0.0.4 is affected too. Test done with
> > PoC-type URL mentioned on Mac OS X 10.4.10 fully patched.
> > Vendor was contacted on 1st Dec 2007.
> >
> > - Juha-Matti
> >
> > carl hardwick <hardwick.carl@xxxxxxxxx> wrote:
> > > Firefox 2.0.0.11 File Focus Stealing vulnerability:
> > >
> > > Sorry Mozilla, but the recent file focus fix was not enough. I think
> > > Mozilla made another mistake while fixing the previous file/label
> > > issue. Because now I embed a file field and a textfield inside one
> > > label. When this happens, and you type only one time in the textfield,
> > > the focus travels to the file field and the value travels with it.
> > > Back to the drawing board I would say. I only got it to work in
> > > Firefox, Gareth checked Safari for me, and it also works in Safari. I
> > > guess this type of exploit could function on other HTML objects as
> > > well, and could be very dangerous because it only requires a one time
> > > focus in a textfield.
> > >
> > > PoC here:
> > >
> > http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.htm
> > >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
  - From: Juha-Matti Laurio
- Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
  - From: Nate McFeters

Prev by Date: Re: [Full-disclosure] MD5 algorithm considered toxic (and harmful)
Next by Date: [Full-disclosure] Firefox explicit charset inheritance
Previous by thread: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
Next by thread: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
Index(es):
- Date
- Thread