Doesn't work in Gran Paradiso 3.0a7

On Dec 1, 2007 12:37 PM, Nate McFeters <[EMAIL PROTECTED]> wrote:
> More than likely all the gecko based browsers will be vulnerable to this.
> So that would include Mozilla, Camino, SeaMonkey... possibly even things
> like Thunderbird if you could get it to render.
>
> Nice find guys!
>
> Nate
>
> On 12/1/07, Juha-Matti Laurio <[EMAIL PROTECTED]> wrote:
> >
> > Netscape Navigator version 9.0.0.4 is affected too. Test done with
> > PoC-type URL mentioned on Mac OS X 10.4.10 fully patched.
> > Vendor was contacted on 1st Dec 2007.
> >
> > - Juha-Matti
> >
> > carl hardwick <[EMAIL PROTECTED]> wrote:
> > > Firefox 2.0.0.11 File Focus Stealing vulnerability:
> > >
> > > Sorry Mozilla, but the recent file focus fix was not enough. I think
> > > Mozilla made another mistake while fixing the previous file/label
> > > issue. Because now I embed a file field and a textfield inside one
> > > label. When this happens, and you type only one time in the textfield,
> > > the focus travels to the file field and the value travels with it.
> > > Back to the drawing board I would say. I only got it to work in
> > > Firefox, Gareth checked Safari for me, and it also works in Safari. I
> > > guess this type of exploit could function on other HTML objects as
> > > well, and could be very dangerous because it only requires a one time
> > > focus in a textfield.
> > >
> > > PoC here:
> > > http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.htm
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
