lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 1 Aug 2009 21:45:44 +0300
From: "MustLive" <mustlive@...security.com.ua>
To: <bugtraq@...urityfocus.com>
Subject: Cross-Site Scripting vulnerabiliy in Firefox and Opera

Hello Bugtraq!

I want to warn you about Cross-Site Scripting vulnerability in Firefox and
Opera, which I found at 13.07.2009 and published last month at my site.

This advisory related to my advisory about Cross-Site Scripting
vulnerability in Mozilla, Firefox and Chrome
(http://www.securityfocus.com/archive/1/504972/30/0/threaded), but if there
was attack via refresh-header redirectors, then this time attack is via
location-header redirectors.

This Cross-Site Scripting vulnerability in browsers Firefox and Opera allows
to execute JavaScript code via location-header redirectors (and there are a
lot of them in Internet, more then refresh-header redirectors).

XSS:

With request to script at web site:

http://site/script.php?param=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2b

Which returns in answer the Location header and the code will execute in the
browser:

Location:
data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ+

Vulnerable are Firefox 3.0.12 and Opera, but without access to cookies (the
same as in case of refresh-header redirectors), because code executed not in
context of original site. It can be used for fishing and executing of
JavaScript code (for malware spreading).

Vulnerable version is Mozilla Firefox 3.0.12 and previous versions (and 3.5
should be also vulnerable).

Vulnerable version is Opera 9.52 and previous versions (and
potentially next versions too).

I mentioned about this vulnerability at my site
(http://websecurity.com.ua/3323/).

P.S.

In my post about vulnerability at tinyurl.com
(http://websecurity.com.ua/3365/) I showed how this vulnerability in
browsers can be used for malware spreading via this redirecting service (and
other redirecting services in Internet).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 


!DSPAM:4a748d98231141704614446!


Powered by blists - more mailing lists