Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox & Exploiting Cross Context Scripting vulnerabilities in Firefox




( , ) (,
. `.' ) ('. ',
). , ('. ( ) (
(_,) .`), ) _ _,
/ _____/ / _ \ ____ ____ _____
\____ \==/ /_\ \ _/ ___\/ _ \ / \
/ \/ | \\ \__( <_> ) Y Y \
/______ /\___|__ / \___ >____/|__|_| /
\/ \/.-. \/ \/:wq
(x.0)
'=.|w|.='
_='`"``=.

presents..

Hi there,

For the last year, we have been focusing on
Firefox Extension security and we have now
released a research paper and an addendum
on the topic of Cross Context Scripting (XCS).

The research paper "Cross Context Scripting
with Firefox" demonstrates different ways of
attacking Firefox extensions via Cross
Context Scripting (XCS) vulnerabilities.
Several XCS cases are detailed, including
vulnerable extension code and exploit.

Cross Context Scripting with Firefox - Roberto Suggi Liverani
Link: http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf

The addendum "Exploiting Cross Context
Scripting vulnerabilities in Firefox"
includes a number of exploits tailored
for Cross Context Scripting vulnerabilities.

Exploiting Cross Context Scripting vulnerabilities in Firefox - Nick Freeman, Roberto Suggi Liverani
Link: http://www.security-assessment.com/files/whitepapers/Exploiting_Cross_Context_Scripting_vulnerabilities_in_Firefox.pdf


+--------+
|Abstract|
+--------+

Cross Context Scripting (XCS) is a term coined
for a browser based content injection in the
Firefox chrome zone. This term was originally
used by researcher Petro D. Petkov (pdp), when
David Kierznowski found a vulnerability in the
Sage RSS Reader Firefox extension .
XCS injection occurs between different
security zones, an untrusted and a trusted
zone.

This paper details several XCS cases. XCS
attacks may be possible due to a lack of
input filtering controls for example.
However, other components may be vulnerable as
well, including wrappers, XPCOM components, XUL
overlays, the browser sandbox and DOM events.

This paper can be seen as complimentary to the
presentations given at EUSecWest 2009 , DEFCON 17
and SecurityByte & OWASP AppSec Asia 2009
security conferences.

+----------------+
|Acknowledgements|
+----------------+

Special thanks go to Paul Craig, kuza55 and
Stefano Di Paola for their invaluable feedback.


+-----------------------------+
|About Security-Assessment.com|
+-----------------------------+

Security-Assessment.com is a New Zealand based world
leader in web application testing, network security
and penetration testing. Security-Assessment.com
services organisations across New Zealand, Australia,
Asia Pacific, the United States and the United
Kingdom.


--
Roberto Suggi Liverani
Senior Security Consultant
Mob. +64 21 928 780
www.security-assessment.com



Relevant Pages