| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 30 Jun 2007 06:54:29 -0700 (PDT)
From: Joseph Hick <leet16y@...oo.com>
To: carl hardwick <hardwick.carl@...il.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: New flaw found in Firefox 2.0.0.4: Firefox
file input focus vulnerabilities
i didn't understand your poc.
you are copying the value of textarea into the file
input yourself using this code.
document.getElementById("text1").value=document.getElementById("file1").value;
document.getElementById("text1").focus();
so how is it a flaw?
--- carl hardwick <hardwick.carl@...il.com> wrote:
> New flaw found in Firefox 2.0.0.4: Firefox file
> input focus vulnerabilities:
> This demo is very simple. when you input some text
> in the textarea,
> the file input element's value will also change to
> it. I tested it on
> Firefox 1.5.0.12 and 2.0.0.4.
>
> PoC here:
> http://yathong.googlepages.com/FirefoxFocusBug.html
>
> credits by - Hong
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
>
http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia -
> http://secunia.com/
>
____________________________________________________________________________________
Get the Yahoo! toolbar and be alerted to new email wherever you're surfing.
http://new.toolbar.yahoo.com/toolbar/features/mail/index.php
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists