Full Disclosure: Re: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities

From: Martin Thurau <laus_at_hrnz.net>
Date: Sat, 30 Jun 2007 16:17:14 +0200

i had exactly the same thoughts. the only thing to wonder is, why
firefox process the actual input after it did the "onkeydown". but this
is only "weird" and not a "flaw".

Joseph Hick wrote:
> i didn't understand your poc.
>
> you are copying the value of textarea into the file
> input yourself using this code.
>
> document.getElementById("text1").value=document.getElementById("file1").value;
> document.getElementById("text1").focus();
>
> so how is it a flaw?
>
>
> --- carl hardwick <hardwick.carl_at_gmail.com> wrote:
>
>> New flaw found in Firefox 2.0.0.4: Firefox file
>> input focus vulnerabilities:
>> [...]
>> PoC here:
>> http://yathong.googlepages.com/FirefoxFocusBug.html
>>
>> credits by - Hong
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter:
>>
> http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia -
>> http://secunia.com/
>>
>
>
>
>
> ____________________________________________________________________________________
> Get the Yahoo! toolbar and be alerted to new email wherever you're surfing.
> http://new.toolbar.yahoo.com/toolbar/features/mail/index.php
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Jun 30 2007