Full Disclosure mailing list archives
Re: Firefox/MSIE focus stealing vulnerability - clarification
From: "Ruud H.G. van Tol" <rvtol () isolution nl>
Date: Mon, 12 Feb 2007 23:31:56 +0100 (CET)
Michal Zalewski wrote:
2) The Firefox attack vector is related to the Charles' CVE-2006-2894, which in turn was a rediscovery of a problem known to Mozilla since 2000 (!); attempts to fix it in official releases failed because the problem was repeatedly marked as a duplicate of a too narrowly defined issue with control hiding. A broader redesign probably eliminated the issue in development branches, but it still affects Firefox 1.5 and 2.0. This can be considered an independent rediscovery and a more practical demonstration of a previously reported vulnerability. The exploit is here: http://lcamtuf.coredump.cx/focusbug/index.html
Without JavaScript on, this doesn't work. See http://noscript.net/
--
Affijn, Ruud
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/