mailing list archives
RE: Firescrolling [Firefox 1.0]
From: "Eric McCarty" <eric () piteduncan com>
Date: Fri, 25 Feb 2005 09:36:37 -0800
Confirmed Exploit works in Firefox 1.0, however on a side note Microsoft
Anti-spyware prevented the script from executing.
Internet Security Officer
From: mikx [mailto:mikx () mikx de]
Sent: Friday, February 25, 2005 12:11 AM
To: full-disclosure () lists netsys com; bugtraq () securityfocus com;
NTBUGTRAQ () LISTSERV NTBUGTRAQ COM
Subject: Firescrolling [Firefox 1.0]
Remember my Internet Explorer "scrollbar exploit" based on http-equiv's
"What a Drag"? When will people ever learn that "unusual user
can be hidden by common tasks...
arbitrary code by dragging a scrollbar two times.
The exploit is based on multiple vulnerabilities:
bugzilla.mozilla.org #280664 (fireflashing) bugzilla.mozilla.org #280056
(firetabbing) bugzilla.mozilla.org #281807 (firescrolling)
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0527 to this issue.
Tested with Firefox 1.0 on Windows and Linux (Fedora Core)
Michael Krax <mikx () mikx de>
Full-Disclosure - We believe in it.