[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability

To: "Randal, Phil" <prandal@xxxxxxxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
From: Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx>
Date: Sun, 2 Dec 2007 11:34:42 +0200 (EET)

It appears that BID 26669 doesn't list these Bugzilla entries any more.

- Juha-Matti

Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx> kirjoitti: 
> N/A unfortunately, but BID26669 points to entries
> https://bugzilla.mozilla.org/show_bug.cgi?id=258875
> and
> https://bugzilla.mozilla.org/show_bug.cgi?id=56236
> 
> via this older one advisory: http://www.securityfocus.com/bid/18308/references
> 
> Link: http://www.securityfocus.com/bid/26669/discuss
> 
> (Probably BID18038 mentioned is a typo...)
> 
> - Juha-Matti
> 
> 
> "Randal, Phil" <prandal@xxxxxxxxxxxxxxxxxxxx> kirjoitti: 
> > 
> >  And the Mozilla bugzilla number is?
> > 
> > 
> > -----Original Message-----
> > From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
> > [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of
> > Juha-Matti Laurio
> > Sent: 01 December 2007 15:25
> > To: carl hardwick; full-disclosure@xxxxxxxxxxxxxxxxx
> > Subject: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing
> > vulnerability
> > 
> > Netscape Navigator version 9.0.0.4 is affected too. Test done with
> > PoC-type URL mentioned on Mac OS X 10.4.10 fully patched.
> > Vendor was contacted on 1st Dec 2007.
> > 
> > - Juha-Matti
> > 
> > carl hardwick <hardwick.carl@xxxxxxxxx> wrote: 
> > > Firefox 2.0.0.11 File Focus Stealing vulnerability:
> > > 
> > > Sorry Mozilla, but the recent file focus fix was not enough. I think 
> > > Mozilla made another mistake while fixing the previous file/label 
> > > issue. Because now I embed a file field and a textfield inside one 
> > > label. When this happens, and you type only one time in the textfield,
> > 
> > > the focus travels to the file field and the value travels with it.
> > > Back to the drawing board I would say. I only got it to work in 
> > > Firefox, Gareth checked Safari for me, and it also works in Safari. I 
> > > guess this type of exploit could function on other HTML objects as 
> > > well, and could be very dangerous because it only requires a one time 
> > > focus in a textfield.
> > > 
> > > PoC here:
> > > http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.h
> > > tm
> > > 
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] authentic hackers still do it for the love ... (was: Hell Camp: It never pays enough)
Next by Date: [Full-disclosure] need help in managing administrators
Previous by thread: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing vulnerability
Next by thread: [Full-disclosure] rPSA-2007-0255-1 nss_ldap
Index(es):
- Date
- Thread