Any sensitive data being leaked? A browser giving away its properties to a script should not be termed vulnerability.
Is it causing any of these... 1.) Loss of confidentiality 2.) Loss of integrity 3.) Loss of availability --- carl hardwick <[EMAIL PROTECTED]> wrote: > Firefox Remote Variable Leakage > > It is possible to read all variables that are set > inside Firefox. > That's right: ALL variables and registered objects > that are present > inside Javascript files and on runtime. It's even > possible to call > certain functions. That ranges from local Mozilla > config files to all > extensions registered inside Firefox. The example > below will show you > a list of a couple variables that were set. Note: it > is possible to > actively scan variables and hijack them when you > need to. I've tested > this against my own Firefox extension called: Fire > Encrypter. And I > was able to steal a dynamically generated password > successfully. > > PoC here: > http://www.0x000000.com/hacks/firefox/variables.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: > http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - > http://secunia.com/ > ____________________________________________________________________________________ Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online. http://smallbusiness.yahoo.com/webhosting _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
