Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities
From: Martin Thurau <laus () hrnz net>
Date: Sat, 30 Jun 2007 16:17:14 +0200

i had exactly the same thoughts. the only thing to wonder is, why
firefox process the actual input after it did the "onkeydown". but this
is only "weird" and not a "flaw".


Joseph Hick wrote:
i didn't understand your poc.

you are copying the value of textarea into the file
input yourself using this code.

document.getElementById("text1").value=document.getElementById("file1").value;
document.getElementById("text1").focus();

so how is it a flaw?


--- carl hardwick <hardwick.carl () gmail com> wrote:

New flaw found in Firefox 2.0.0.4: Firefox file
input focus vulnerabilities:
[...]
PoC here:
http://yathong.googlepages.com/FirefoxFocusBug.html

credits by - Hong

_______________________________________________
Full-Disclosure - We believe in it.
Charter:

http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
http://secunia.com/




       
____________________________________________________________________________________
Get the Yahoo! toolbar and be alerted to new email wherever you're surfing.
http://new.toolbar.yahoo.com/toolbar/features/mail/index.php

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault