This vulnerability is cute but not very useful mainly because a lot of
social engineering is required.
However, here is an interesting thought for you: instead of asking the
user into bookmarking a page you can supply the bookmark directly to
their browser by using Live Bookmarks. So, a
On Thu, 22 Feb 2007, pdp (architect) wrote:
This vulnerability is cute but not very useful mainly because a lot of
social engineering is required.
Well, very little trickery is required - having a person bookmark an
interesting page and then reopen it later on, while the browser is still
on
pdp (architect) wrote:
However, here is an interesting thought for you: instead of asking the
user into bookmarking a page you can supply the bookmark directly to
their browser by using Live Bookmarks. So, a mainstream attack will be
when a SPLOG network injects malicious links into their
On 2/22/07, Michal Zalewski [EMAIL PROTECTED] wrote:
There is an interesting vulnerability in how Firefox handles bookmarks.
The flaw allows the attacker to steal credentials from commonly used
browser start sites (for Firefox, Google is the seldom changed default;
that means exposure of GMail
There is an interesting vulnerability in how Firefox handles bookmarks.
The flaw allows the attacker to steal credentials from commonly used
browser start sites (for Firefox, Google is the seldom changed default;
that means exposure of GMail authentication cookies, etc).
The problem: it is
michal, is that a feature or a bug? maybe it is not obivous to me what
you are doing but it i feel that it is almost like asking the user to
bookmark a bookmarklet. of course it is a security problem if you
execute untrusted bookmarklet on a page :).
On 2/21/07, Michal Zalewski [EMAIL PROTECTED]
On Thu, 22 Feb 2007, pdp (architect) wrote:
michal, is that a feature or a bug? maybe it is not obivous to me what
you are doing but it i feel that it is almost like asking the user to
bookmark a bookmarklet.
Bookmarklets should be bookmarkable only manually, with user knowledge and
consent
On 2/22/07, Michal Zalewski [EMAIL PROTECTED] wrote:
There is an interesting vulnerability in how Firefox handles bookmarks.
The flaw allows the attacker to steal credentials from commonly used
browser start sites (for Firefox, Google is the seldom changed default;
that means exposure of