Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities

New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities

From: carl hardwick <hardwick.carl_at_gmail.com>
Date: Sat, 30 Jun 2007 17:14:39 +0200

PoC here: http://yathong.googlepages.com/FirefoxFocusBug.html

The vulnerability allows the attacker to silently redirect focus of
selected key press events to an otherwise protected file upload form
field. This is possible because of how onKeyDown event is handled,
allowing the focus to be moved between the two. This enables the
attacker to read arbitrary files on victim's system.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Jun 30 2007

This message: [ Message body ]
Next message: Nikolay Kichukov: "Re: DOS on phrack?"
Previous message: Martin Thurau: "Re: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities"
Next in thread: Joseph Hick: "Re: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities"
Reply: Joseph Hick: "Re: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities"
Reply: Michal Zalewski: "Re: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]