[Full-Disclosure] RE: Firescrolling [Firefox 1.0]

From: Eric McCarty (eric_at_piteduncan.com)
Date: 02/25/05

    Date: Fri, 25 Feb 2005 09:36:37 -0800
    To: "mikx" <mikx@mikx.de>, <full-disclosure@lists.netsys.com>, <bugtraq@securityfocus.com>, <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
    
    

    Confirmed, exploit works in Firefox 1.0. However, on a side note, Microsoft
    Anti-spyware prevented the script from executing.

    Eric McCarty
    Systems Administrator
    Internet Security Officer

     

    -----Original Message-----
    From: mikx [mailto:mikx@mikx.de]
    Sent: Friday, February 25, 2005 12:11 AM
    To: full-disclosure@lists.netsys.com; bugtraq@securityfocus.com;
    NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    Subject: Firescrolling [Firefox 1.0]

    __Summary

    Remember my Internet Explorer "scrollbar exploit" based on http-equiv's
    "What a Drag"? When will people ever learn that "unusual user interaction"
    can be hidden by common tasks...

    Let's combine fireflashing, firetabbing, xul and javascript to run
    arbitrary code by dragging a scrollbar two times.

    __Proof-of-Concept

    http://www.mikx.de/firescrolling/

    __Status

    The exploit is based on multiple vulnerabilities:

    bugzilla.mozilla.org #280664 (fireflashing)
    bugzilla.mozilla.org #280056 (firetabbing)
    bugzilla.mozilla.org #281807 (firescrolling)

    Upgrade to Firefox 1.0.1 or disable javascript.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CAN-2005-0527 to this issue.

    __Affected Software

    Tested with Firefox 1.0 on Windows and Linux (Fedora Core)

    __Contact Information

    Michael Krax <mikx@mikx.de>
    http://www.mikx.de/?p=11

    mikx

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

