Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities

From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Mon, 2 Jul 2007 11:15:06 +0200 (CEST)
On Mon, 2 Jul 2007, Joseph Hick wrote:


I succeeded in writing the same PoC without label with minor
modifications.


Would that allow you to selectively redirect keystrokes (that is, check
event's keycode)? More importantly, does Carl's original example allow
that?:-)

An example of event check logic is implemented in my original POC; if you
can't redirect selectively (that is, prevent certain events from being
delivered to INPUT TYPE=FILE field), the flaw is much less severe.

(Would check that, but am at work).

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: