Closed
Bug 513487
Opened 15 years ago
Closed 15 years ago
Cross-Site Scripting vulnerabilities in Mozilla Firefox 3.6 a1 pre and 3.7 a1 pre
Categories
(Firefox :: Security, defect)
Tracking
()
VERIFIED
INVALID
People
(Reporter: mustlive, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Hello Mozilla! I want to warn you about Cross-Site Scripting vulnerabilities in Mozilla Firefox 3.6 and 3.7. As I wrote in my article Cross-Site Scripting attacks via redirectors (http://websecurity.com.ua/3386/) there are many Cross-Site Scripting vulnerabilities in different browsers, including Mozilla Firefox. I already wrote you about vulnerabilities in Firefox 3.0.x and 3.5.x and previous versions, and now I'd tell you about vulnerabilities in Firefox 3.6 a1 pre and 3.7 a1 pre. Which I found with help of Aung Khant from YEHG Team (which helped me with my researches of vulnerable browsers). In my article I wrote about five attack vectors: Attack #1 - via refresh-header redirector to javascript: URI. This vulnerability was mentioned in Bugzilla (https://bugzilla.mozilla.org/show_bug.cgi?id=475636). Attack #2 - via refresh-header redirector to data: URI. I wrote about this vulnerability in Bugzilla (https://bugzilla.mozilla.org/show_bug.cgi?id=503789). Attack #3 - via location-header redirector to data: URI. I wrote about this vulnerability in Bugzilla (https://bugzilla.mozilla.org/show_bug.cgi?id=503789). Attack #4 - via location-header redirector (which use answer "302 Object moved") to javascript: URI. I wrote about this vulnerability in Bugzilla (https://bugzilla.mozilla.org/show_bug.cgi?id=513320). Attack #5 - via location-header redirector (which uses any 301 and 302 answers) to javascript: URI. Here are results of testing, so you can fix these holes in official releases of new versions of your browser. XSS: Firefox 3.6 a1 pre - vulnerable to attacks #1,2,3,4 and in #1,2,4 JS code executes in context of the site. Firefox 3.7 a1 pre - vulnerable to attacks #2,3,4 and in #4 JS code executes in context of the site. Vulnerable version is Firefox 3.6 a1 pre and previous versions. Vulnerable version is Firefox 3.7 a1 pre and previous versions. Attend to security of all of yours web sites, web software, browsers and to security-audit. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua Reproducible: Always Steps to Reproduce: 1. Do in concordance with advisory and execute alert(document.cookie) (in attacks #1,2,4 for Firefox 3.6 a1 pre and #4 for Firefox 3.7 a1 pre). Actual Results: Shows my cookies at the site with redirector (in attacks #1,2,4 for Firefox 3.6 a1 pre and #4 for Firefox 3.7 a1 pre). Expected Results: Must not show cookies and not even execute JavaScript code.
Comment 1•15 years ago
|
||
It is not useful to file bugs summarizing the other bugs you have filed. Furthermore nome of the bugs you have referenced are XSS. JavaScript executing within the context of the site that served it is not cross-site anything.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
Updated•15 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•