[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability

To: "Randal, Phil" <prandal@xxxxxxxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
From: Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx>
Date: Sun, 2 Dec 2007 02:13:51 +0200 (EET)

N/A unfortunately, but BID26669 points to entries
https://bugzilla.mozilla.org/show_bug.cgi?id=258875
and
https://bugzilla.mozilla.org/show_bug.cgi?id=56236

via this older one advisory: http://www.securityfocus.com/bid/18308/references

Link: http://www.securityfocus.com/bid/26669/discuss

(Probably BID18038 mentioned is a typo...)

- Juha-Matti


"Randal, Phil" <prandal@xxxxxxxxxxxxxxxxxxxx> kirjoitti: 
> 
>  And the Mozilla bugzilla number is?
> 
> 
> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of
> Juha-Matti Laurio
> Sent: 01 December 2007 15:25
> To: carl hardwick; full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing
> vulnerability
> 
> Netscape Navigator version 9.0.0.4 is affected too. Test done with
> PoC-type URL mentioned on Mac OS X 10.4.10 fully patched.
> Vendor was contacted on 1st Dec 2007.
> 
> - Juha-Matti
> 
> carl hardwick <hardwick.carl@xxxxxxxxx> wrote: 
> > Firefox 2.0.0.11 File Focus Stealing vulnerability:
> > 
> > Sorry Mozilla, but the recent file focus fix was not enough. I think 
> > Mozilla made another mistake while fixing the previous file/label 
> > issue. Because now I embed a file field and a textfield inside one 
> > label. When this happens, and you type only one time in the textfield,
> 
> > the focus travels to the file field and the value travels with it.
> > Back to the drawing board I would say. I only got it to work in 
> > Firefox, Gareth checked Safari for me, and it also works in Safari. I 
> > guess this type of exploit could function on other HTML objects as 
> > well, and could be very dangerous because it only requires a one time 
> > focus in a textfield.
> > 
> > PoC here:
> > http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.h
> > tm
> > 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] High Value Target Selection
Next by Date: Re: [Full-disclosure] MD5 algorithm considered toxic (and harmful)
Previous by thread: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
Next by thread: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
Index(es):
- Date
- Thread