On Mon, 2 Jul 2007, Joseph Hick wrote:
> I succeeded in writing the same PoC without label with minor
> modifications.
Would that allow you to selectively redirect keystrokes (that is, check
event's keycode)? More importantly, does Carl's original example allow
that? :-)
An example of event check
I didn't understand your PoC.
You are copying the value of textarea into the file
input yourself using this code.
document.getElementById("text1").value=document.getElementById("file1").value;
document.getElementById("text1").focus();
So how is it a flaw?
--- carl hardwick [EMAIL PROTECTED] wrote:
> PoC here: http://yathong.googlepages.com/FirefoxFocusBug.html
> The vulnerability allows the attacker to silently redirect focus of
> selected key press events to an otherwise protected file upload form
> field. This is possible because of how onKeyDown event is handled,
> allowing the focus to be moved
This doesn't seem like a security flaw to me.
<input type="file" id="file1" name="file1"
onkeydown="restore();" onkeyup="restore()" />
<label for="file1" id="label1" name="label1"></label>
<br>
<textarea name="text1" id="text1"
onkeydown="doKeyDown()"
function doKeyDown()
{
    document.getElementById("label1").focus();
}
On Sat, 30 Jun 2007, carl hardwick wrote:
> The vulnerability allows the attacker to silently redirect focus of
> selected key press events to an otherwise protected file upload form
> field. This is possible because of how onKeyDown event is handled,
> allowing the focus to be moved between the two.
On Sat, 30 Jun 2007, Joseph Hick wrote:
> This doesn't seem like a security flaw to me.
This is somewhat similar to my focus stealing bugs described here:
http://lcamtuf.coredump.cx/focusbug/
...though seems to work on patched Firefox because of a clever use of
label-based aliasing.
Now, the
On 6/30/07, carl hardwick [EMAIL PROTECTED] wrote:
> New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities:
This demo is very simple. When you input some text in the textarea,
the file input element's value will also change to it. I tested it on
Firefox 1.5.0.12 and
On 7/1/07, ascii [EMAIL PROTECTED] wrote:
> carl hardwick wrote:
> > PoC here: http://yathong.googlepages.com/FirefoxFocusBug.html
> > The vulnerability allows the attacker to silently redirect focus
> > [...]
> many thanks for sharing this : )
> it's a pretty serious vulnerability as said by Zalewski