Full Disclosure mailing list archives

Re: Exploits in websites due to buggy input validation where mozilla is at fault as well as the website.


From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Thu, 15 Jul 2004 10:23:33 -0400

Seth Alan Woolley wrote:

> Is it just me or is that behavior idiotic?  I've seen this bug in
> _multiple_ scripts I've audited.  For that reason, I feel much less safe
> signing up for cookies on websites that I haven't audited myself for
> this problem.  Since it is a script tag, that could open many a hole
> later down the line that I haven't mentioned as well.  It's just another
> reason to disable javascript and never use cookies for authentication.

I see where you're coming from on this. It enables a number of cross-site scripting attacks. I also see where they're coming from, though. If you don't complete the tags prior to processing, it could cause (at best) issues in the page or (at worst) could allow improper nesting to get around improper code restrictions (as was recently seen on Internet Explorer).

I think that the best solution might be to display a dialogue box before it tries to fix the tags stating that the page contains potentially unsafe incomplete tags and asking whether the browser should repair them or not.

         -Barry
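The validation mistake the thread is describing, as an added example (hypothetical code, not from the thread or any named project): a server-side filter that only recognises complete tags lets an unterminated tag through, a lenient browser then repairs it into a live element, and escaping on output closes the gap regardless of whether the tag was completed. Function names and the sample values are constructed for the illustration.

```python
"""Filter blind spot vs. hardened output, for the unterminated-tag case."""
import html
import re

# Buggy approach: strip complete <script>...</script> blocks and nothing else.
_COMPLETE_SCRIPT = re.compile(r"<script\b[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)


def naive_strip_script(user_input: str) -> str:
    """Blacklist filter of the kind the thread calls buggy: it needs a closing
    '>' and a '</script>' to match, so an unterminated tag passes untouched."""
    return _COMPLETE_SCRIPT.sub("", user_input)


# Audit check: a '<' that starts a tag name and never closes before the end of
# the value is what browser-side tag repair will complete into a real element.
_OPEN_TAG_NEVER_CLOSED = re.compile(r"<[A-Za-z][^>]*$")


def unterminated_tag(user_input: str) -> bool:
    """True when the value ends inside an opened tag (no matching '>')."""
    return _OPEN_TAG_NEVER_CLOSED.search(user_input) is not None


def render_greeting(user_input: str) -> str:
    """Hardened approach: do not try to remove tags; escape on output so the
    browser sees text, not markup, whether or not the tag was completed."""
    return "Hello, " + html.escape(user_input, quote=True)


def audit(user_input: str) -> dict:
    """Run one value through both approaches so the difference is visible."""
    filtered = naive_strip_script(user_input)
    return {
        "naive_output": filtered,
        "leaves_open_tag": unterminated_tag(filtered),
        "escaped_output": render_greeting(user_input),
    }


if __name__ == "__main__":
    # Constructed sample values: one complete tag, one left unterminated.
    for value in ("alice<script>x</script>", "alice<script"):
        print(repr(value), "->", audit(value))
```

The complete tag is removed by the naive filter while the unterminated one survives it unchanged; only the escaped output is safe in both cases.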
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html