mailing list archives
Re: Firescrolling [Firefox 1.0]
From: "mikx" <mikx () mikx de>
Date: Sat, 26 Feb 2005 20:27:30 +0100
Is fixed as part of mfsa 2005-27
----- Original Message -----
From: "Stan Bubrouski" <stan () ccs neu edu>
To: "Beauford, Jason" <jbeauford () EightInOnePet com>
Cc: "mikx" <mikx () mikx de>; <full-disclosure () lists netsys com>;
<bugtraq () securityfocus com>; <NTBUGTRAQ () LISTSERV NTBUGTRAQ COM>
Sent: Friday, February 25, 2005 10:33 PM
Subject: Re: Firescrolling [Firefox 1.0]
Are you sure its fixed???
Beauford, Jason wrote:
From: mikx [mailto:mikx () mikx de] Sent: Friday, February 25, 2005 3:11 AM
To: full-disclosure () lists netsys com; bugtraq () securityfocus com;
NTBUGTRAQ () LISTSERV NTBUGTRAQ COM
Subject: Firescrolling [Firefox 1.0]
Remember my Internet Explorer "scrollbar exploit" based on http-equiv's
"What a Drag"? When will people ever learn that "unusual user
interaction" can be hidden by common tasks...
arbitrary code by dragging a scrollbar two times.
The exploit is based on multiple vulnerabilities:
bugzilla.mozilla.org #280664 (fireflashing) bugzilla.mozilla.org #280056
(firetabbing) bugzilla.mozilla.org #281807 (firescrolling)
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0527 to this issue.
Tested with Firefox 1.0 on Windows and Linux (Fedora Core)
Michael Krax <mikx () mikx de>
Full-Disclosure - We believe in it.