It appears that BID 26669 doesn't list these Bugzilla entries any more.

- Juha-Matti

Juha-Matti Laurio <[EMAIL PROTECTED]> wrote:
> N/A unfortunately, but BID26669 points to entries
> https://bugzilla.mozilla.org/show_bug.cgi?id=258875
> and
> https://bugzilla.mozilla.org/show_bug.cgi?id=56236
>
> via this older advisory: http://www.securityfocus.com/bid/18308/references
>
> Link: http://www.securityfocus.com/bid/26669/discuss
>
> (Probably BID18038 mentioned is a typo...)
>
> - Juha-Matti
>
>
> "Randal, Phil" <[EMAIL PROTECTED]> wrote:
> >
> > And the Mozilla bugzilla number is?
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of
> > Juha-Matti Laurio
> > Sent: 01 December 2007 15:25
> > To: carl hardwick; [email protected]
> > Subject: Re: [Full-disclosure] Firefox 2.0.0.11 File Focus Stealing
> > vulnerability
> >
> > Netscape Navigator version 9.0.0.4 is affected too. Test done with
> > PoC-type URL mentioned on Mac OS X 10.4.10 fully patched.
> > Vendor was contacted on 1st Dec 2007.
> >
> > - Juha-Matti
> >
> > carl hardwick <[EMAIL PROTECTED]> wrote:
> > > Firefox 2.0.0.11 File Focus Stealing vulnerability:
> > >
> > > Sorry Mozilla, but the recent file focus fix was not enough. I think
> > > Mozilla made another mistake while fixing the previous file/label
> > > issue. Because now I embed a file field and a textfield inside one
> > > label. When this happens, and you type only one time in the textfield,
> > > the focus travels to the file field and the value travels with it.
> > > Back to the drawing board I would say. I only got it to work in
> > > Firefox, Gareth checked Safari for me, and it also works in Safari. I
> > > guess this type of exploit could function on other HTML objects as
> > > well, and could be very dangerous because it only requires a one time
> > > focus in a textfield.
> > >
> > > PoC here:
> > > http://carl-hardwick.googlegroups.com/web/Firefox20011StealFocusFlaw.htm
> >

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
