Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Exploits in websites due to buggy input validation where mozilla is at fault as well as the website.
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Thu, 15 Jul 2004 10:23:33 -0400

Seth Alan Woolley wrote:

Is it just me or is that behavior idiotic?  I've seen this bug in
_multiple_ scripts I've audited.  For that reason, I feel much less safe
signing up for cookies on websites that I haven't audited myself for
this problem.  Since it is a script tag, that could open many a hole
later down the line that I haven't mentioned as well.  It's just another
reason to disable javascript and never use cookies for authentication.

I see where you're coming from on this. It enables a number of cross-site scripting attacks. I also see where they're coming from, though. If you don't complete the tags prior to processing, it could cause (at best) issues in the page or (at worst) could allow improper nesting to get around improper code restrictions (as was recently seen on internet explorer).

I think that the best solution might be to display a dialogue box before it tries to fix the tags stating that the page contains potentially unsafe incomplete tags and asking whether the browser should repair them or not.


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]