Computer Security
[EN] securityvulns.ru no-pyccku


Mozilla Firefox cross domain access
updated since 15.02.2007
Published:27.02.2007
Source:
SecurityVulns ID:7238
Type:client
Threat Level:
8/10
Description:By using location.hostname='evil.com\x00foo.example.com' in javascript it's possible to make request for foo.example.com domain to be sent to evil.com. It makes it possible cross-domain access. Vulnerability can be used for hidden malware installation.
Affected:MOZILLA : Firefox 2.0
CVE:CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.)
 CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar.)
 CVE-2007-0981 (Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.)
Original documentdocumentMOZILLA, Mozilla Foundation Security Advisory 2007-07 (27.02.2007)
 documentMichal Zalewski, [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability (22.02.2007)
 documentMichal Zalewski, Firefox: about:blank is phisher's best friend (18.02.2007)
 documentMichal Zalewski, Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability (15.02.2007)
 documentMichal Zalewski, Firefox: serious cookie stealing / same-domain bypass vulnerability (15.02.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod