Full Disclosure mailing list archives
Re: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities
From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Sat, 30 Jun 2007 23:13:07 +0200 (CEST)
On Sat, 30 Jun 2007, Joseph Hick wrote:
> This doesn't seem like a security flaw to me.

This is somewhat similar to my focus stealing bugs described here:

http://lcamtuf.coredump.cx/focusbug/

...though seems to work on patched Firefox because of a clever use of label-based aliasing.

Now, the vulnerability

For security reasons, value of file input field cannot be specified in HTML or set scriptually (otherwise, you could then just do submit() and have a file uploaded without user's consent) - and we want it to stay that way. Still, file input field can be hidden off-screen and the victim might be not aware of its presence or contents.

Now, if a malicious web page can selectively redirect certain keystrokes to a hidden field of this type, while giving the user an impression he's actually typing a web forum post, playing a game, performing a search, or whatnot, with a visible feedback elsewhere on the webpage - we're in trouble: once a desired file name is collected, the script can have the form submitted, complete with victim's file of attacker's liking.

Non-trivial user interaction is required, of course, but it's not terribly difficult to solicit some.

Cheers,
/mz
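For reviewers of page markup, the two preconditions named in the message above (a file input positioned out of view, and a label associated with it) can be checked statically. This is an added example, not code from the original post or from Firefox; the function name `audit`, the style heuristics and the sample markup are assumptions made for illustration, and only inline styles are inspected.

```python
import re
from html.parser import HTMLParser

# Inline-style patterns that push or shrink an element out of view
# (constructed heuristic, not exhaustive; stylesheet rules are not evaluated).
OFFSCREEN = re.compile(
    r"(?:left|top|margin-left|margin-top|text-indent)\s*:\s*-\d{3,}"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)|(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)",
    re.I)

# Constructed sample: one ordinary upload field, one off-screen and label-aliased.
SAMPLE = """<form action="/post" method="post" enctype="multipart/form-data">
<input type="file" id="avatar">
<label for="f1">Comment</label>
<input type="file" id="f1" style="position:absolute; left:-9999px">
</form>"""

class FileInputAudit(HTMLParser):
    """Records every <input type=file> and every label that can reach one."""
    def __init__(self):
        super().__init__()
        self.inputs = []        # one dict per file input seen
        self.label_for = set()  # ids named by <label for=...>
        self.label_depth = 0    # > 0 while inside a <label> element

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "label":
            self.label_depth += 1
            if a.get("for"):
                self.label_for.add(a["for"])
        elif tag == "input" and a.get("type", "").lower() == "file":
            self.inputs.append({
                "id": a.get("id", ""), "line": self.getpos()[0],
                "offscreen": bool(OFFSCREEN.search(a.get("style", ""))),
                "wrapped": self.label_depth > 0})

    def handle_endtag(self, tag):
        if tag == "label" and self.label_depth:
            self.label_depth -= 1

def audit(html):
    """Return file inputs that are off-screen and/or associated with a label."""
    p = FileInputAudit()
    p.feed(html)
    p.close()
    return [{"id": i["id"], "line": i["line"], "offscreen": i["offscreen"],
             "label_aliased": i["wrapped"] or i["id"] in p.label_for}
            for i in p.inputs
            if i["offscreen"] or i["wrapped"] or i["id"] in p.label_for]
```

`audit(SAMPLE)` reports only the `f1` field; a label on a visible upload control is normal markup, so the combination of both flags is the one worth a manual look.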