1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Mozilla Firefox Image Javascript URI Dragging Cross-Site Scripting

Discussion in 'Firefox, Thunderbird & SeaMonkey' started by Ramona, 2005/03/01.

Thread Status:
Not open for further replies.
  1. 2005/03/01
    Ramona

    Ramona Geek Member Alumni Thread Starter

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    TITLE:
    Mozilla Firefox Image Javascript URI Dragging Cross-Site Scripting

    SECUNIA ADVISORY ID:
    SA14406

    VERIFY ADVISORY:
    http://secunia.com/advisories/14406/

    CRITICAL:
    Less critical

    IMPACT:
    Cross Site Scripting

    WHERE:
    >From remote

    SOFTWARE:
    Mozilla Firefox 0.x
    http://secunia.com/product/3256/
    Mozilla Firefox 1.x
    http://secunia.com/product/4227/

    DESCRIPTION:
    Paul has reported a vulnerability in Mozilla Firefox, which can be
    exploited by malicious people to conduct cross-site scripting
    attacks.

    The vulnerability is caused due to missing URI handler validation
    when dragging an image with a "javascript:" URL to the address bar.
    This can be exploited to execute arbitrary HTML and script code in a
    user's browser session in context of an arbitrary site by tricking a
    user into dragging an image to the address bar.

    This is similar to vulnerability 2 in:
    SA14160

    The vulnerability has been reported in version 1.0 and 1.0.1. Other
    versions may also be affected.

    SOLUTION:
    Do not drag images to the address bar.

    PROVIDED AND/OR DISCOVERED BY:
    Paul (greyhats)

    OTHER REFERENCES:
    SA14160:
    http://secunia.com/advisories/14160/
     
    Ramona,
    #1
  2. 2005/03/01
    Westside

    Westside Inactive Alumni

    Joined:
    2003/03/30
    Messages:
    4,506
    Likes Received:
    14
    Why would anyone want to drag images in the address bar?
     
    Westside,
    #2


  3. to hide this advert.

  4. 2005/03/01
    Ramona

    Ramona Geek Member Alumni Thread Starter

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    Beats the heck out of me, and nothing I have ever seen done... :confused:
     
    Ramona,
    #3
  5. 2005/03/14
    JSS3rd Lifetime Subscription

    JSS3rd Geek Member

    Joined:
    2002/06/28
    Messages:
    2,221
    Likes Received:
    27
    Emphasis mine. The only time I've tried it the address window showed "javascript.void(0) ".
     
    JSS3rd,
    #4
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...