[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <5d80962a0712011200m280cfceblbf0bec30a86d0b56@mail.gmail.com>
Date: Sat, 1 Dec 2007 15:00:22 -0500
From: "Static Rez" <staticrez@...il.com>
To: "Nate McFeters" <nate.mcfeters@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, carl hardwick <hardwick.carl@...il.com>
Subject: Re: Firefox 2.0.0.11 File Focus Stealing
vulnerability
Doesn't work in Gran Paradiso 3.0a7
On Dec 1, 2007 12:37 PM, Nate McFeters <nate.mcfeters@...il.com> wrote:
>
> More than likely all the gecko based browsers will be vulnerable to this.
> So that would include Mozilla, Camino, SeaMonkey... possibly even things
> like Thunderbird if you could get it to render.
>
> Nice find guys!
>
> Nate
>
> On 12/1/07, Juha-Matti Laurio <juha-matti.laurio@...ti.fi> wrote:
> >
> > Netscape Navigator version 9.0.0.4 is affected too. Test done with
> > PoC-type URL mentioned on Mac OS X 10.4.10 fully patched.
> > Vendor was contacted on 1st Dec 2007.
> >
> > - Juha-Matti
> >
> > carl hardwick <hardwick.carl@...il.com> wrote:
> > > Firefox 2.0.0.11 File Focus Stealing vulnerability:
> > >
> > > Sorry Mozilla, but the recent file focus fix was not enough. I think
> > > Mozilla made another mistake while fixing the previous file/label
> > > issue. Because now I embed a file field and a textfield inside one
> > > label. When this happens, and you type only one time in the textfield,
> > > the focus travels to the file field and the value travels with it.
> > > Back to the drawing board I would say. I only got it to work in
> > > Firefox, Gareth checked Safari for me, and it also works in Safari. I
> > > guess this type of exploit could function on other HTML objects as
> > > well, and could be very dangerous because it only requires a one time
> > > focus in a textfield.
> > >
> > > PoC here:
> > >
> > http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.htm
> > >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists