Open Source and information security mailing list archives
 
Message-ID: <166868.5267.qm@web38007.mail.mud.yahoo.com>
Date: Mon, 2 Jul 2007 02:01:45 -0700 (PDT)
From: Joseph Hick <leet16y@...oo.com>
To: Martin Thurau <laus@...z.net>, full-disclosure@...ts.grok.org.uk
Subject: Re: New flaw found in Firefox 2.0.0.4: Firefox
	file input focus vulnerabilities

Oh! I was wrong. I didn't see file1's value is
assigned to text1's value.

Certainly, it is a flaw as nicely explained by
Zalewski.

I wrote a PoC myself and found that it's not necessary
to put focus on the label. Focusing the file input
also works. I succeeded in writing the same PoC
without a label with minor modifications.

--- Martin Thurau <laus@...z.net> wrote:

> I had exactly the same thoughts. The only thing to wonder is why
> Firefox processes the actual input after it did the "onkeydown". But this
> is only "weird" and not a "flaw".
> 
> 
> Joseph Hick wrote:
> > I didn't understand your PoC.
> > 
> > You are copying the value of textarea into the file
> > input yourself using this code.
> > 
> > document.getElementById("text1").value=document.getElementById("file1").value;
> > document.getElementById("text1").focus();
> > 
> > So how is it a flaw?
> > 
> > 
> > --- carl hardwick <hardwick.carl@...il.com> wrote:
> > 
> >> New flaw found in Firefox 2.0.0.4: Firefox file
> >> input focus vulnerabilities:
> >> [...]
> >> PoC here:
> >> http://yathong.googlepages.com/FirefoxFocusBug.html
> >>
> >> credits by - Hong
> >>



 