[Full-disclosure] Firefox: onUnload tailgating (MSIE7 entrapment bug variant)
From: Michal Zalewski (lcamtufdione.ids.pl)
Date: Fri Feb 23 2007 - 06:49:41 CST
On Fri, 23 Feb 2007, Michal Zalewski wrote:
> Firefox isn't outright vulnerable to this problem, but judging from its
> behavior, it is likely to be susceptible to a variant of this bug
And indeed, susceptible it is. On the surface, the problem is even more
loaded one. Fortunately, at the time this is possible, 'document' and
'window' DOM hierarchies are not accessible - but then, 'location' is.
With a bit of clever trickery, we can mount the following attack:
As shown there, the problem is less serious than MSIE7 full-scale
Matrix-esque entrapment, but nevertheless - the bug is a cool one. And I
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/