Full Disclosure mailing list archives
Re: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities
From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Mon, 2 Jul 2007 11:15:06 +0200 (CEST)
On Mon, 2 Jul 2007, Joseph Hick wrote:
> I succeeded in writing the same PoC without label with minor modifications.
Would that allow you to selectively redirect keystrokes (that is, check event's keycode)? More importantly, does Carl's original example allow that? :-)

An example of event check logic is implemented in my original POC; if you can't redirect selectively (that is, prevent certain events from being delivered to INPUT TYPE=FILE field), the flaw is much less severe.

(Would check that, but am at work).

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/