
Full Disclosure mailing list archives

Re: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities
From: Joseph Hick <leet16y () yahoo com>
Date: Mon, 2 Jul 2007 02:01:45 -0700 (PDT)

Oh! I was wrong. I didn't see that file1's value is assigned to text1's value.

Certainly, it is a flaw, as nicely explained by Zalewski.

I wrote a PoC myself and found that it's not necessary to put focus on the label. Focusing the file input also works. I succeeded in writing the same PoC without the label, with minor modifications.

--- Martin Thurau <laus () hrnz net> wrote:

I had exactly the same thoughts. The only thing to wonder is why Firefox processes the actual input after it did the "onkeydown". But this is only "weird" and not a "flaw".


Joseph Hick wrote:
I didn't understand your PoC.

You are copying the value of textarea into the file input yourself using this code.

document.getElementById("text1").value=document.getElementById("file1").value;
document.getElementById("text1").focus();

So how is it a flaw?


--- carl hardwick <hardwick.carl () gmail com> wrote:

New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities:
[...]
PoC here:

http://yathong.googlepages.com/FirefoxFocusBug.html

credits by - Hong




 