mailing list archives
Re: New flaw found in Firefox 126.96.36.199: Firefox file input focus vulnerabilities
From: Joseph Hick <leet16y () yahoo com>
Date: Mon, 2 Jul 2007 02:01:45 -0700 (PDT)
Oh! I was wrong. I didn't see file1's value is
assigned to text1's value.
certainly, it is a flaw as nicely explained by
I wrote a PoC myself and found that it's not necessary
to put focus on the label. focussing the file input
also works. I succeeded in writing the same PoC
without label with minor modifications.
--- Martin Thurau <laus () hrnz net> wrote:
i had exactly the same thoughts. the only thing to
wonder is, why
firefox process the actual input after it did the
"onkeydown". but this
is only "weird" and not a "flaw".
Joseph Hick wrote:
i didn't understand your poc.
you are copying the value of textarea into the
input yourself using this code.
so how is it a flaw?
--- carl hardwick <hardwick.carl () gmail com> wrote:
New flaw found in Firefox 188.8.131.52: Firefox file
input focus vulnerabilities:
credits by - Hong
No need to miss a message. Get email on-the-go
with Yahoo! Mail for Mobile. Get started.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Re: New flaw found in Firefox 184.108.40.206: Firefox file input focus vulnerabilities Joseph Hick (Jul 02)