Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25274
HistoryDec 10, 2010 - 12:00 a.m.

Firefox 3.6.13 pseudo-URL SOP check bug (CVE-2010-3774)

2010-12-1000:00:00
vulners.com
26
JSON

Hi folks,

Firefox 3.6.13 fixes an interesting bug in their same-origin policy
logic for pseudo-URLs that do not have any inherent origin associated
with them. These documents are normally expected to inherit the
context from their parent, or be assigned a unique one. This didn't
work as expected in Firefox, apparently due to a code refactoring in
2008. The vulnerability permits malicious websites to access and
modify the contents of special pages such as about:neterror or
about:config, which has consequences ranging from content spoofing to
complete subversion of the browser security model.

More info:
http://lcamtuf.blogspot.com/2010/12/firefox-3613-damn-you-corner-cases.html
Whimsical PoC: http://lcamtuf.coredump.cx/ffabout/

PS. I posted a couple of probably interesting browser security
write-ups on my blog of recent, recapping the status quo in areas such
as HTTP cookie security. Some readers might find them interesting /
useful - say:
http://lcamtuf.blogspot.com/2010/10/http-cookies-or-how-not-to-design.html

Cheers,
/mz

JSON