lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 28 Aug 2009 22:07:40 +0300
From: "MustLive" <mustlive@...security.com.ua>
To: <bugtraq@...urityfocus.com>
Subject: Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon

Hello Bugtraq!

I want to warn you about Cross-Site Scripting vulnerability in Mozilla, 
Firefox, SeaMonkey, Orca Browser and Maxthon.

As I wrote about this vulnerability at my site
(http://websecurity.com.ua/3373/) at 30.07.2009, I found vulnerability in
Mozilla and Firefox 3.0.12 (and later checked in 3.0.13). Which allows to
bypass protection from executing of JavaScript code in location-header
redirectors (by redirecting to javascript: URI).

In Firefox at the sites, which use answer "302 Object moved" at request to
location-header redirector with setting of JavaScript code, the browser will
show "Object Moved" page, where there is this code in the link “here”. At
click on which the code will execute. I.e. it is Strictly social XSS.

XSS:

With request to script at web site:

http://site/script.php?param=javascript:alert(document.cookie)

Which returns in answer the Location header:

HTTP/1.x 302 Object moved
Location: javascript:alert%28document.cookie%29

The browser will show “Object Moved” page. At click on the link “here” the
code will execute in context of this site.

Vulnerable versions are Mozilla 1.7.x and previous versions.

Vulnerable versions are Firefox 3.0.13 and previous versions (and 3.5.x
should be also vulnerable).

As I wrote in my article Cross-Site Scripting attacks via redirectors
(http://websecurity.com.ua/3386/), later I found that this vulnerability
also exists in browsers SeaMonkey 1.1.17, Firefox 3.6 a1 pre, Firefox 3.7 a1
pre, Orca Browser 1.2 build 5 and Maxthon 3 Alpha (3.0.0.145) with
Ultramode.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ