Full Disclosure: Re: Firefox focus stealing vulnerability (possibly other browsers)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Firefox focus stealing vulnerability (possibly other browsers)

From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Sun, 11 Feb 2007 21:54:40 +0100 (CET)

On Sun, 11 Feb 2007, Michal Zalewski wrote:

This was tested with 2.0.0.1. Opera is most likely not vulnerable;
Microsoft Internet Explorer is not vulnerable as-is, but might be
vulnerable to a variant of the attack.


And indeed - here's a MSIE 7.0 demo:

http://lcamtuf.coredump.cx/focusbug/ieversion.html

Somewhat less pretty and straightforward, but equally sad.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Firefox focus stealing vulnerability (possibly other browsers) Michal Zalewski (Feb 11)
- Re: Firefox focus stealing vulnerability (possibly other browsers) Michal Zalewski (Feb 11)
  - Re: Firefox focus stealing vulnerability (possibly other browsers) Michal Zalewski (Feb 11)
    - Re: Firefox focus stealing vulnerability (possibly other browsers) Michal Zalewski (Feb 11)
    - Re: Firefox focus stealing vulnerability (possibly other browsers) pdp (architect) (Feb 11)
    - Re: Firefox focus stealing vulnerability (possibly other browsers) Michal Zalewski (Feb 11)
    - Re: Firefox focus stealing vulnerability (possibly other browsers) Ben Bucksch (Feb 11)