Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Firefox/MSIE focus stealing vulnerability - clarification
From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Mon, 12 Feb 2007 00:01:56 +0100 (CET)

After some research, I can offer this clarification:

  1) The MSIE 7 attack vector I described is a distinctive, new
     vulnerability that differs from the attack reported by Charles
     McAuley and Bart van Arnhem. Attacks described by them were
     fixed in MSIE7 (although MSIE6 is still exposed to the original

     My vulnerability attacks the same form control, but in a different
     manner. Again, the demo for this vulnerability is here:

  2) The Firefox attack vector is related to the Charles' CVE-2006-2894,
     which in turn was a rediscovery of a problem known to Mozilla since
     2000 (!); attempts to fix it in official releases failed because the
     problem was repeatedly marked as a duplicate of a too narrowly
     defined issue with control hiding. A broader redesign probably
     eliminated the issue in development branches, but it still affects
     Firefox 1.5 and 2.0.

     This can be considered an independent rediscovery and a more
     practical demonstration of a previously reported vulnerability.
     The exploit is here: http://lcamtuf.coredump.cx/focusbug/index.html


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]