Full Disclosure mailing list archives

Firefox/MSIE focus stealing vulnerability - clarification


From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Mon, 12 Feb 2007 00:01:56 +0100 (CET)

After some research, I can offer this clarification:

  1) The MSIE 7 attack vector I described is a distinctive, new
     vulnerability that differs from the attack reported by Charles
     McAuley and Bart van Arnhem. Attacks described by them were
     fixed in MSIE7 (although MSIE6 is still exposed to the original
     flaw).

     My vulnerability attacks the same form control, but in a different
     manner. Again, the demo for this vulnerability is here:
     http://lcamtuf.coredump.cx/focusbug/ieversion.html

  2) The Firefox attack vector is related to Charles' CVE-2006-2894,
     which in turn was a rediscovery of a problem known to Mozilla since
     2000 (!); attempts to fix it in official releases failed because the
     problem was repeatedly marked as a duplicate of a too narrowly
     defined issue with control hiding. A broader redesign probably
     eliminated the issue in development branches, but it still affects
     Firefox 1.5 and 2.0.

     This can be considered an independent rediscovery and a more
     practical demonstration of a previously reported vulnerability.
     The exploit is here: http://lcamtuf.coredump.cx/focusbug/index.html

Regards,
/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

