|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Firescrolling [Firefox 1.0]
From: mikx (mikx
MIKX.DE)
Date: Fri Feb 25 2005 - 02:10:30 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
__Summary
Remember my Internet Explorer "scrollbar exploit" based on http-equiv's
"What a Drag"? When will people ever learn that "unusual user interaction"
can be hidden by common tasks...
Let's combine fireflashing, firetabbing, xul and javascript to run arbitrary
code by dragging a scrollbar two times.
__Proof-of-Concept
http://www.mikx.de/firescrolling/
__Status
The exploit is based on multiple vulnerabilities:
bugzilla.mozilla.org #280664 (fireflashing)
bugzilla.mozilla.org #280056 (firetabbing)
bugzilla.mozilla.org #281807 (firescrolling)
Upgrade to Firefox 1.0.1 or disable javascript.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0527 to this issue.
__Affected Software
Tested with Firefox 1.0 on Windows and Linux (Fedora Core)
__Contact Informations
Michael Krax <mikxmikx.de>
http://www.mikx.de/?p=11
mikx
--
NTBugtraq Editor's Note:
Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
--
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]