Message-ID: <20060418143834.5326.qmail@securityfocus.com>
Date: 18 Apr 2006 14:38:34 -0000
From: miky@...il.com
To: bugtraq@...urityfocus.com
Subject: Another flaw in Firefox 1.5.0.2: to open files from remote


https://bugzilla.mozilla.org/show_bug.cgi?id=334341

It is possible for a malicious web site to open local content in the browser by tricking a user into right-clicking and choosing "View Image" on a broken image that references a local resource (e.g. via the file: URI handler).

This may be exploited in combination with other vulnerabilities.

The weakness has been confirmed in version 1.5.0.2. Other versions may also be affected.

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2

A bug has been discovered by myself (TeamOverload) in Firefox
1.5.0.2 (other versions are probably affected too). Through a
specially crafted webpage you can have any file be disguised as an
image. If you then right-click and choose View Image, the file will attempt to
download or just run if it is on the bypass list. Some extensions
such as .wma are defaulted like that, and a malformed wma can be loaded
just by going to View Image. Other websites can be loaded this way as
well.

Reproducible: Always

Steps to Reproduce:
1. Download attached archive that causes problem
2. Launch web page, and right-click and choose show image on both
3. First image should open WindowsMediaPlayer and the second should go to a different web page.

Actual Results: 
Both WMP and the alternate web page opened.
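
A defender-side check for the pattern described in this message, as an added example that is not part of the original post or of Mozilla's fix: it lists `<img>` sources that a remotely served page should not reference, either a local scheme such as file: or a file extension that is not an image type. The function name, the scheme and extension lists, and the sample markup are assumptions constructed for illustration.

```javascript
// Added example: audit <img> sources of a page fetched from a remote origin.
// Regex extraction is a simplification; a real filter would use an HTML parser.
const LOCAL_SCHEMES = new Set(["file:", "chrome:", "resource:"]); // assumed list
const IMAGE_EXTS = new Set(["png", "gif", "jpg", "jpeg", "bmp", "ico", "svg", "webp"]);

// Constructed sample markup (not the attachment from the bug report).
const SAMPLE_HTML = `
<img src="logo.png">
<img alt="x" src='file:///C:/boot.ini'>
<img src="clip.wma" width=1>
<img src=http://other.example/page.html>
`;

function auditImageSources(pageUrl, html) {
  const page = new URL(pageUrl);
  const remotePage = page.protocol === "http:" || page.protocol === "https:";
  const findings = [];
  // Matches double-quoted, single-quoted and unquoted src values.
  const imgTag = /<img\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = imgTag.exec(html)) !== null) {
    const raw = (m[1] ?? m[2] ?? m[3]).trim();
    let target;
    try {
      target = new URL(raw, page); // resolve relative to the page, as a browser does
    } catch {
      findings.push({ src: raw, reason: "unparseable" });
      continue;
    }
    // A remote page pointing an image at a local resource is the case in the advisory.
    if (remotePage && LOCAL_SCHEMES.has(target.protocol)) {
      findings.push({ src: raw, reason: "local-scheme" });
      continue;
    }
    if (target.protocol === "data:") continue; // inline data has no file name to judge
    // Heuristic for "file disguised as an image": extension is not an image type.
    const name = target.pathname.split("/").pop();
    const dot = name.lastIndexOf(".");
    if (dot > 0 && !IMAGE_EXTS.has(name.slice(dot + 1).toLowerCase())) {
      findings.push({ src: raw, reason: "non-image-extension" });
    }
  }
  return findings;
}

console.log(auditImageSources("http://site.example/index.html", SAMPLE_HTML));
```

The extension test is only a hint, since a server can return any content type for any file name; the scheme test is the stricter of the two checks.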

