Re: Firefox cross-domain image theft (CESA-2008-009)

[adrian.lamo () hushmail com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Petro D. Petro,

Fascinating work.  I will try to understand it when Juha provides a
digest on his security team website.

- -al

On Tue, 18 Nov 2008 16:26:13 -0500 Chris Evans
<scarybeasts () gmail com> wrote:
> Hi,
>
> Firefox 2.0.0.18 fixes a cross-domain theft of image data. Firefox
> 3
> unaffected. It's another interesting case where a redirector
> confuses the
> browser about the true origin of a piece of content. If evil.org
> hosts a
> redirector, e.g. evil.org/redir, and an image is loaded via this
> redirector,
> the image will be treated as a same-domain image. In this event,
> the image
> pixel data may easily be stolen by rendering the image to a canvas
> and using
> the getImageData() JavaScript API.
>
> Advisory: http://scary.beasts.org/security/CESA-2008-009.html
>
> Blog post:
> http://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-
> domain-image-theft-and.html
>
> Cheers
> Chris
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQMCAAYFAkkjNfYACgkQ8J2EGU1ixm7pswP8DZyojyrOATc1MWgyl8x9pwmcv+eb
Fe4TfM807F6QyPYD/S3sFt30dFjxR4Y00UgFCLMuig23WFGHey8x81x+kzOCXPEYCerr
43xXFEHtgpAJXSusAewGtyC1rhF1ox7yE+nptGDfo16xhMxUwOQbgJxrXkffwrStOCp1
NCpyVHM=
=b0a7
-----END PGP SIGNATURE-----

--
Click for free info on getting an MBA, $200K/ year potential.
http://tagline.hushmail.com/fc/PnY6qxsZwUEc5DoIOvJcoaOATuGbppGqGc2rd3tXUsJpcramttFQ8/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/