lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun, 2 Dec 2007 11:34:42 +0200 (EET)
From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi>
To: "Randal, Phil" <prandal@...efordshire.gov.uk>, 
	full-disclosure@...ts.grok.org.uk
Subject: Re: Firefox 2.0.0.11 File Focus Stealing
 vulnerability

It appears that BID 26669 doesn't list these Bugzilla entries any more.

- Juha-Matti

Juha-Matti Laurio <juha-matti.laurio@...ti.fi> kirjoitti: 
> N/A unfortunately, but BID26669 points to entries
> https://bugzilla.mozilla.org/show_bug.cgi?id=258875
> and
> https://bugzilla.mozilla.org/show_bug.cgi?id=56236
> 
> via this older one advisory: http://www.securityfocus.com/bid/18308/references
> 
> Link: http://www.securityfocus.com/bid/26669/discuss
> 
> (Probably BID18038 mentioned is a typo...)
> 
> - Juha-Matti
> 
> 
> "Randal, Phil" <prandal@...efordshire.gov.uk> kirjoitti: 
> > 
> >  And the Mozilla bugzilla number is?
> > 
> > 
> > -----Original Message-----
> > From: full-disclosure-bounces@...ts.grok.org.uk
> > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
> > Juha-Matti Laurio
> > Sent: 01 December 2007 15:25
> > To: carl hardwick; full-disclosure@...ts.grok.org.uk
> > Subject: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing
> > vulnerability
> > 
> > Netscape Navigator version 9.0.0.4 is affected too. Test done with
> > PoC-type URL mentioned on Mac OS X 10.4.10 fully patched.
> > Vendor was contacted on 1st Dec 2007.
> > 
> > - Juha-Matti
> > 
> > carl hardwick <hardwick.carl@...il.com> wrote: 
> > > Firefox 2.0.0.11 File Focus Stealing vulnerability:
> > > 
> > > Sorry Mozilla, but the recent file focus fix was not enough. I think 
> > > Mozilla made another mistake while fixing the previous file/label 
> > > issue. Because now I embed a file field and a textfield inside one 
> > > label. When this happens, and you type only one time in the textfield,
> > 
> > > the focus travels to the file field and the value travels with it.
> > > Back to the drawing board I would say. I only got it to work in 
> > > Firefox, Gareth checked Safari for me, and it also works in Safari. I 
> > > guess this type of exploit could function on other HTML objects as 
> > > well, and could be very dangerous because it only requires a one time 
> > > focus in a textfield.
> > > 
> > > PoC here:
> > > http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.h
> > > tm
> > > 
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ