lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <23227044.113251196554431449.JavaMail.juha-matti.laurio@netti.fi>
Date: Sun, 2 Dec 2007 02:13:51 +0200 (EET)
From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi>
To: "Randal, Phil" <prandal@...efordshire.gov.uk>, 
	full-disclosure@...ts.grok.org.uk
Subject: Re: Firefox 2.0.0.11 File Focus Stealing
 vulnerability

N/A unfortunately, but BID26669 points to entries
https://bugzilla.mozilla.org/show_bug.cgi?id=258875
and
https://bugzilla.mozilla.org/show_bug.cgi?id=56236

via this older one advisory: http://www.securityfocus.com/bid/18308/references

Link: http://www.securityfocus.com/bid/26669/discuss

(Probably BID18038 mentioned is a typo...)

- Juha-Matti


"Randal, Phil" <prandal@...efordshire.gov.uk> kirjoitti: 
> 
>  And the Mozilla bugzilla number is?
> 
> 
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
> Juha-Matti Laurio
> Sent: 01 December 2007 15:25
> To: carl hardwick; full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing
> vulnerability
> 
> Netscape Navigator version 9.0.0.4 is affected too. Test done with
> PoC-type URL mentioned on Mac OS X 10.4.10 fully patched.
> Vendor was contacted on 1st Dec 2007.
> 
> - Juha-Matti
> 
> carl hardwick <hardwick.carl@...il.com> wrote: 
> > Firefox 2.0.0.11 File Focus Stealing vulnerability:
> > 
> > Sorry Mozilla, but the recent file focus fix was not enough. I think 
> > Mozilla made another mistake while fixing the previous file/label 
> > issue. Because now I embed a file field and a textfield inside one 
> > label. When this happens, and you type only one time in the textfield,
> 
> > the focus travels to the file field and the value travels with it.
> > Back to the drawing board I would say. I only got it to work in 
> > Firefox, Gareth checked Safari for me, and it also works in Safari. I 
> > guess this type of exploit could function on other HTML objects as 
> > well, and could be very dangerous because it only requires a one time 
> > focus in a textfield.
> > 
> > PoC here:
> > http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.h
> > tm
> > 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ