Flaw in Firefox

Pascal, K G
Volunteer tester
Joined: 3 Apr 99
Posts: 2343
Credit: 150,491
RAC: 0
United States
Message 109360 - Posted: 9 May 2005, 18:25:15 UTC

Flaw
Semper Eadem
So long Paul, it has been a hell of a ride.

Park your egos, fire up the computers, Science YES, Credits No.
ampoliros
Volunteer tester
Joined: 24 Sep 99
Posts: 152
Credit: 3,542,579
RAC: 5
United States
Message 109401 - Posted: 9 May 2005, 19:43:27 UTC

This threat applies if you allow sites to install add-ons to Firefox. By default this is turned on but only for two sites (update.mozilla.org and addons.mozilla.org).

It would work by allowing the sites to use your JavaScript history and the Mozilla website to fool your browser into thinking the malicious page is one of the two trusted sites.

[e.g., redirect a frame to Mozilla and then to the malicious site, then use a JavaScript exploit to fool your browser into thinking that the Mozilla site opened the window (or frame), then the frame would have the same privileges as the Mozilla sites]

Both of the default trusted sites are under the control of the Mozilla Foundation and have been fixed server-side. If you have not changed the default preferences for install sites, you should not be vulnerable.

7,049 S@H Classic Credits
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.