Full Disclosure mailing list archives
Re: Firefox bookmark cross-domain surfing vulnerability
From: "pdp (architect)" <pdp.gnucitizen () googlemail com>
Date: Thu, 22 Feb 2007 13:43:48 +0000
well placed splog network can reach millions of users in a couple of hours.

On 2/22/07, Michal Zalewski <lcamtuf () dione ids pl> wrote:
> On Thu, 22 Feb 2007, pdp (architect) wrote:
>
> > This vulnerability is cute but not very useful mainly because a lot of social engineering is required.
>
> Well, very little trickery is required - having a person bookmark an interesting page and then reopen it later on, while the browser is still on its start page (or just about any other high-profile site), isn't that unusual, and does not rely on an improbable set of circumstances, or the user being particularly timid.
>
> This problem is not that significant for a different reason - to affect a small percentage of population, you'd need to invest some serious effort into providing content and PR for the attack site. Spending several days to steal GMail cookies from 1000 users is a waste of time when you can get 10000 rooted boxes in hours with a trojan horse e-mail.
>
> So, yeah.
>
> /mz

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Firefox bookmark cross-domain surfing vulnerability Michal Zalewski (Feb 21)
- Re: Firefox bookmark cross-domain surfing vulnerability Tyop? (Feb 21)
- Re: Firefox bookmark cross-domain surfing vulnerability pdp (architect) (Feb 21)
- Re: Firefox bookmark cross-domain surfing vulnerability Michal Zalewski (Feb 21)
- Re: Firefox bookmark cross-domain surfing vulnerability pdp (architect) (Feb 22)
- Re: Firefox bookmark cross-domain surfing vulnerability Michal Zalewski (Feb 22)
- Re: Firefox bookmark cross-domain surfing vulnerability pdp (architect) (Feb 22)
- Re: Firefox bookmark cross-domain surfing vulnerability Daniel Veditz (Feb 22)
- Re: Firefox bookmark cross-domain surfing vulnerability Michal Zalewski (Feb 21)
- <Possible follow-ups>
- Re: Firefox bookmark cross-domain surfing vulnerability v3dt3n (Feb 21)