lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: badpenguin79 at hotmail.com (Giovanni Delvecchio)
Subject: Disclosure of local file content in Mozilla Firefox and
 Opera

Which you wrote is correct, indeed i have specified in my message:

>Anyway it cannot be exploited "directly" by a remote site, but only if the 
>page is opened from a local path ( file://localpath/code.htm),  since the  
>iframe belongs to a local domain.
>
>Note: with Internet Explorer these PoCs doesn't work even in local.

My target was explain how a remote user could take advantage by this 
feature.
I illustrated also a possible method of remote exploitation.

But at this point i have a question: if it is a normal behavior, why in Ms 
Internet Explorer i cannot reproduce this problem even in local zone?
Maybe different implementation? IMHO it's strange.


Regards,
Giovanni Delvecchio


>
>This is not a vulnerability, it is expected behavior.
>
>Mozilla shares the same zone design as IE which means that a file from the 
>local file zone can read any other file from the local file zone. You 
>cannot use this approach to read a local file from another zone such as the 
>Internet zone. From the Internet zone, you can also only read the content 
>of files from the same zone, same protocol and same domain.
>
>I agree that Mozilla has implemented quite a lot of proprietary IE 
>extensions which it should have not done, however reading the innerHTML of 
>an element through document.all does not circumvent the traditional zone 
>security checks already in place.
>
>
>
>Regards
>
>Thor Larholm
>Senior Security Researcher
>PivX Solutions
>23 Corporate Plaza #280
>Newport Beach, CA 92660
>http://www.pivx.com
>thor@...x.com
>Stock symbol: (PIVX.OB)
>Phone: +1 (949) 231-8496
>PGP: 0x4207AEE9
>B5AB D1A4 D4FD 5731 89D6  20CD 5BDB 3D99 4207 AEE9
>
>PivX defines a new genre in Desktop Security: Proactive Threat Mitigation.
><http://www.pivx.com/qwikfix>
>
>

_________________________________________________________________
Scarica gratuitamente MSN Toolbar! http://toolbar.msn.it/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ