Full Disclosure: Re: Firefox/MSIE focus stealing vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Firefox/MSIE focus stealing vulnerability - clarification

From: Marcello Barnaba <marcello () softmedia info>
Date: Tue, 13 Feb 2007 06:04:09 +0100

Hi,

On Tuesday 13 February 2007 05:44, Tyop? wrote:

http://lcamtuf.coredump.cx/focusbug/index.html

Without JavaScript on, this doesn't work. See http://noscript.net/

Without a browser too, this doesn't work. See
http://netcat.sourceforge.net/


DONT TRY THIS AT HOME.

I started to mentally evaluate the lcamtuf code and had half myself injected 
and uploaded on Zalewski's host. I am writing this in an hope that he can 
send back a pcap dump or I could not be able to regain human form.

You have been warned.
-- 
pub 1024D/8D2787EF  723C 7CA3 3C19 2ACE  6E20 9CC1 9956 EB3C 8D27 87EF

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: Firefox focus stealing vulnerability (possibly other browsers), (continued)
- Firefox/MSIE focus stealing vulnerability - clarification Michal Zalewski (Feb 11)
  - Re: Firefox/MSIE focus stealing vulnerability - clarification Marcello Barnaba (Feb 12)
  - Re: Firefox/MSIE focus stealing vulnerability - clarification Ruud H.G. van Tol (Feb 12)
    - Re: Firefox/MSIE focus stealing vulnerability - clarification Tyop? (Feb 12)
    - Re: Firefox/MSIE focus stealing vulnerability - clarification Marcello Barnaba (Feb 12)