Closed Bug 292687 Opened 20 years ago Closed 20 years ago

Cross Site Scripting requiring little user interaction

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 291745

People

(Reporter: pvnick, Assigned: dveditz)

References

(
URL
)

Details

(Whiteboard: [sg:dupe 291745])

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 One of my previous vulnerabilities required the user to click a link and then press "back". However, by calling the history.go function, we can eliminate the need to press back, now only requiring the user to click on a link. Reproducible: Always Steps to Reproduce: 1. http://greyhatsecurity.org/vulntests/oneclickuhoh.htm 2. Click anywhere on the page Actual Results: Cross site scripting in the context of google.com Expected Results: Nothing :) This can be combined with my previous vulnerability (http://greyhatsecurity.org/vulntests/more/ffaddonvuln.htm), which, btw, I haven't yet received a bug id for, to replace the need of dragging the link to the tab. This will basically allow remote compromise requiring little user interaction.
Assignee: nobody → dveditz
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.8b3+
Flags: blocking-aviary1.1+
Flags: blocking-aviary1.0.4+
Whiteboard: [sg:fix]
Fixed by the "back()" fix in bug 291745 *** This bug has been marked as a duplicate of 291745 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Flags: blocking-aviary1.0.5+
Resolution: --- → DUPLICATE
Whiteboard: [sg:fix] → [sg:dupe 291745]
Group: security
Flags: testcase+
Flags: in-testsuite+ → in-testsuite?
You need to log in before you can comment on or make changes to this bug.