RE: Firescrolling [Firefox 1.0]

From: Beauford, Jason (jbeauford_at_EightInOnePet.com)
Date: 02/25/05

    Date: Fri, 25 Feb 2005 13:14:57 -0500
    To: "mikx" <mikx@mikx.de>, <full-disclosure@lists.netsys.com>, <bugtraq@securityfocus.com>, <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
    
    

    That sucked.

    Fortunately: http://www.mozilla.org/products/firefox/releases/

    jmb

    -----Original Message-----
    From: mikx [mailto:mikx@mikx.de]
    Sent: Friday, February 25, 2005 3:11 AM
    To: full-disclosure@lists.netsys.com; bugtraq@securityfocus.com;
    NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    Subject: Firescrolling [Firefox 1.0]

    __Summary

    Remember my Internet Explorer "scrollbar exploit" based on http-equiv's
    "What a Drag"? When will people ever learn that "unusual user interaction"
    can be hidden by common tasks...

    Let's combine fireflashing, firetabbing, xul and javascript to run
    arbitrary code by dragging a scrollbar two times.

    __Proof-of-Concept

    http://www.mikx.de/firescrolling/

    __Status

    The exploit is based on multiple vulnerabilities:

    bugzilla.mozilla.org #280664 (fireflashing)
    bugzilla.mozilla.org #280056 (firetabbing)
    bugzilla.mozilla.org #281807 (firescrolling)

    Upgrade to Firefox 1.0.1 or disable javascript.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CAN-2005-0527 to this issue.

    __Affected Software

    Tested with Firefox 1.0 on Windows and Linux (Fedora Core)

    __Contact Information

    Michael Krax <mikx@mikx.de>
    http://www.mikx.de/?p=11

    mikx

