As Secunia has already confirmed version 3.5.1 is vulnerable too.
I tested it earlier and your proof of concept works 100%.
Very nice find :-)
Best Regards,
MaXe
Hi, jplopezy:
In http://hi.baidu.com/xisigr/blog/item/edbcba00011864de267fb55a.html,
127.0.0.1 is just a fictitious example.
See real examples: http://xisigr.googlepages.com/firefoxspoofing. Test 1
is mine, test 2 is yours. Some %20 are there to display white space in the
Status Bar.
On Mon, Jul 27, 2009
Great!
We should fill in as many %20 as possible to hide the payloads on
some wider screens.
The JavaScript Test 2 example is great for stealth phishing attacks
while status bar spoofing is great for hiding our attack payload.
I also made a record for hiding XSS payload.
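A defensive check for the %20 padding described in the messages above, as an added example that is not part of the original thread: it flags link targets that contain long runs of encoded whitespace and reports which part stays visible and which part is pushed out of view. The threshold `MIN_RUN`, the function names and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example (not from the thread): detect whitespace-padded link targets.
// MIN_RUN is an assumed threshold; tune it against your own link data.
const MIN_RUN = 20;

// Decode percent-encoding repeatedly so double-encoded padding (%2520) is caught.
function fullyDecode(s, maxRounds = 3) {
  let cur = s;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(cur);
    } catch (e) {
      // Malformed escape somewhere: decode only the well-formed %XX pairs.
      next = cur.replace(/%([0-9a-fA-F]{2})/g, (_, h) =>
        String.fromCharCode(parseInt(h, 16)));
    }
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// Report whether a URL hides a tail behind a long whitespace run.
function inspectUrl(url, minRun = MIN_RUN) {
  const decoded = fullyDecode(url);
  // \s covers space, tab, NBSP and Unicode spaces; add zero-width space.
  const m = new RegExp("[\\s\\u200b]{" + minRun + ",}").exec(decoded);
  if (!m) return { url, padded: false };
  return {
    url,
    padded: true,
    runLength: m[0].length,
    visiblePart: decoded.slice(0, m.index),           // shown first in the UI
    hiddenPart: decoded.slice(m.index + m[0].length), // pushed out of view
  };
}

// Constructed sample links (example.test is a reserved test domain).
const samples = [
  "http://example.test/news?id=42",
  "http://example.test/login" + "%20".repeat(60) + "?q=constructed-tail",
  "http://example.test/a" + "%2520".repeat(30) + "b",
  "http://example.test/search?q=two%20words",
];

function scan(urls) {
  return urls.map((u) => inspectUrl(u)).filter((r) => r.padded);
}
console.log(scan(samples));
```

A link scanner or mail gateway can run `scan` over extracted `href` values and review any hit where `hiddenPart` is non-empty.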
This also seems to be working in Safari Version 4.0.1 (5530.18)
On Mon, Jul 27, 2009 at 9:44 AM, secur...@intern0t.net wrote:
As Secunia has already confirmed version 3.5.1 is vulnerable too.
I tested it earlier and your proof of concept works 100%.
Very nice find :-)
Best Regards,
MaXe
Application: Firefox 3.0.11
OS: Windows XP - SP3
--
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
--
Description
This software is a popular web browser that supports multiple