[Full-Disclosure] Firetabbing [Firefox 1.0]

From: mikx (mikx_at_mikx.de)
Date: 02/07/05

    To: <full-disclosure@lists.netsys.com>, <bugtraq@securityfocus.com>, <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
    Date: Mon, 7 Feb 2005 18:50:23 +0100
    
    

    __Summary

    The JavaScript security manager usually prevents a javascript: URL from
    one host from being opened in a window displaying content from another host.
    But when the link is dropped onto a tab, the security manager does not kick in.

    This can lead to several security problems ranging from stealing session
    cookies to the ability to run arbitrary code on the client system (depending
    on the displayed site or security settings).

    Tabbed browsing is a great feature to organize multiple websites, but after a
    while tabs also become too much. Now you have two options: Close tabs and
    open new ones (CTRL+W to close a tab, followed by a CTRL+click on a link to
    open a new one), or just recycle already open tabs by dragging links to
    them - the solution I prefer.

    __Proof-of-Concept

    http://www.mikx.de/firetabbing/

    __Status

    The bug is marked as fixed in bugzilla. Get a nightly build, compile on your
    own or wait for Firefox 1.0.1.

    2005-01-27 Vendor informed (bugzilla.mozilla.org #280056)
    2005-01-28 Vendor confirmed bug
    2005-02-05 Vendor fixed bug
    2005-02-07 Public disclosure

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CAN-2005-0231 to this issue.

    __Affected Software

    Tested with Firefox 1.0 and Mozilla 1.7.5

    __Contact Information

    Michael Krax <mikx@mikx.de>
    http://www.mikx.de/?p=9

    mikx

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
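
The origin check the summary describes, modelled as an added example (not code from the advisory or from Firefox). The function name, the scheme set and the example hosts are assumptions made for illustration. The dropped string is parsed with the WHATWG URL parser first, so case and whitespace variants of the scheme are normalized before the comparison.

```javascript
// Hypothetical model of a drop-on-tab check; not Firefox internals.
// Schemes whose code runs in the context of the document already shown
// in the target. The advisory names javascript: only.
const INHERITING_SCHEMES = new Set(["javascript:"]);

// droppedUrl:    the link text dragged by the user
// sourcePageUrl: page the link was dragged from
// targetTabUrl:  page currently displayed in the tab it is dropped on
function checkDroppedLink(droppedUrl, sourcePageUrl, targetTabUrl) {
  let parsed, source, target;
  try {
    // The URL parser strips leading spaces and embedded tabs/newlines
    // and lowercases the scheme, which a plain startsWith() test misses.
    parsed = new URL(droppedUrl, sourcePageUrl);
    source = new URL(sourcePageUrl).origin;
    target = new URL(targetTabUrl).origin;
  } catch (e) {
    return { allow: false, reason: "unparseable URL" };
  }
  if (!INHERITING_SCHEMES.has(parsed.protocol)) {
    // An ordinary navigation replaces the tab's document.
    return { allow: true, reason: "ordinary navigation" };
  }
  // Opaque origins serialize to "null" and must never match each other.
  if (source === target && source !== "null") {
    return { allow: true, reason: "same origin" };
  }
  return { allow: false, reason: "cross-origin " + parsed.protocol + " URL" };
}

// Constructed sample drops: [dropped link, source page, target tab].
const SAMPLE_DROPS = [
  ["http://site-a.example/next", "http://site-a.example/", "http://site-b.example/inbox"],
  ["javascript:void(document.title)", "http://site-a.example/", "http://site-b.example/inbox"],
  [" Java\tScript:void(0)", "http://site-a.example/", "http://site-b.example/inbox"],
  ["javascript:void(0)", "http://site-b.example/a", "http://site-b.example/inbox"],
];

function runSamples() {
  return SAMPLE_DROPS.map(([d, s, t]) => checkDroppedLink(d, s, t).allow);
}

console.log(runSamples());
```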

