lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <040401c50d3d$c175dbe0$4a00030a@netvision.ads>
Date: Mon, 7 Feb 2005 18:52:12 +0100
From: "mikx" <mikx@...x.de>
To: <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com>,
        <NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM>
Subject: Fireflashing [Firefox 1.0]


__Summary

Using plugins like Flash and the -moz-opacity filter it is possible to 
display the about:config site in a hidden frame or a new window.

By making the user double-click at a specific screen position (e.g. using a 
DHTML game) you can silently toggle the status of boolean config parameters.

As long as the number of about:config parameters is unchanged (unlikely a 
casual user will change them) you can move the parameter you want to the 
specified screen position by using CSS.

You can also load about:config using the real player plugin and merged url 
events. See the real producer documentation for details and merge a command 
like "u 0:0:0:0.0 0:0:0:30.0 &&targetframe&&about:config"

__Proof-of-Concept

http://www.mikx.de/fireflashing/

__Status

The bug is marked as fixed in bugzilla. Get a nightly build, compile on your 
own or wait for Firefox 1.0.1.

2005-02-01 Vendor informed (bugzilla.mozilla.org #280664)
2005-02-01 Vendor confirmed bug
2005-02-04 Vendor fixed bug
2005-02-07 Public disclosure

The Common Vulnerabilities and Exposures project (cve.mitre.org) has 
assigned the name CAN-2005-0232 to this issue.

__Affected Software

Tested with Firefox 1.0 and Mozilla 1.7.5

__Contact Informations

Michael Krax <mikx@...x.de>
http://www.mikx.de/?p=10

mikx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ