Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability

2007-02-22 Thread pdp (architect)
This vulnerability is cute but not very useful mainly because a lot of social engineering is required. However, here is an interesting thought for you: instead of asking the user into bookmarking a page you can supply the bookmark directly to their browser by using Live Bookmarks. So, a

Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability

2007-02-22 Thread Michal Zalewski
On Thu, 22 Feb 2007, pdp (architect) wrote: This vulnerability is cute but not very useful mainly because a lot of social engineering is required. Well, very little trickery is required - having a person bookmark an interesting page and then reopen it later on, while the browser is still on

Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability

2007-02-22 Thread Daniel Veditz
pdp (architect) wrote: However, here is an interesting thought for you: instead of asking the user into bookmarking a page you can supply the bookmark directly to their browser by using Live Bookmarks. So, a mainstream attack will be when a SPLOG network injects malicious links into their

Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability

2007-02-21 Thread Tyop?
On 2/22/07, Michal Zalewski [EMAIL PROTECTED] wrote: There is an interesting vulnerability in how Firefox handles bookmarks. The flaw allows the attacker to steal credentials from commonly used browser start sites (for Firefox, Google is the seldom changed default; that means exposure of GMail

[Full-disclosure] Firefox bookmark cross-domain surfing vulnerability

2007-02-21 Thread Michal Zalewski
There is an interesting vulnerability in how Firefox handles bookmarks. The flaw allows the attacker to steal credentials from commonly used browser start sites (for Firefox, Google is the seldom changed default; that means exposure of GMail authentication cookies, etc). The problem: it is

Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability

2007-02-21 Thread pdp (architect)
michal, is that a feature or a bug? maybe it is not obvious to me what you are doing but I feel that it is almost like asking the user to bookmark a bookmarklet. of course it is a security problem if you execute untrusted bookmarklet on a page :). On 2/21/07, Michal Zalewski [EMAIL PROTECTED]

Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability

2007-02-21 Thread Michal Zalewski
On Thu, 22 Feb 2007, pdp (architect) wrote: michal, is that a feature or a bug? maybe it is not obvious to me what you are doing but I feel that it is almost like asking the user to bookmark a bookmarklet. Bookmarklets should be bookmarkable only manually, with user knowledge and consent

Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability

2007-02-21 Thread v3dt3n
On 2/22/07, Michal Zalewski [EMAIL PROTECTED] wrote: There is an interesting vulnerability in how Firefox handles bookmarks. The flaw allows the attacker to steal credentials from commonly used browser start sites (for Firefox, Google is the seldom changed default; that means exposure of