lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 30 Jun 2007 17:14:39 +0200 From: "carl hardwick" <hardwick.carl@...il.com> To: Full-Disclosure@...ts.grok.org.uk Subject: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities PoC here: http://yathong.googlepages.com/FirefoxFocusBug.html The vulnerability allows the attacker to silently redirect focus of selected key press events to an otherwise protected file upload form field. This is possible because of how onKeyDown event is handled, allowing the focus to be moved between the two. This enables the attacker to read arbitrary files on victim's system. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/