Closed
Bug 587533
Opened 14 years ago
Closed 14 years ago
Mozilla Firefox <=3.6.8 JavaScript 'Prompted Message' Crash And Spoofing Vulnerability
Categories
(Firefox :: Security, defect)
RESOLVED
DUPLICATE
of bug 529594
People
(Reporter: xisigr, Unassigned)
Details
(Whiteboard: [sg:dupe 529594])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
======================================================
Mozilla Firefox <=3.6.8 JavaScript 'Prompted Message' Crash Exploit
======================================================
# Exploit Title: Mozilla Firefox <=3.6.8 JavaScript 'Prompted Message' Crash Exploit
# Date: 2010-8-14
# Author: xisigr
# Software Link: http://www.mozilla.org
# Version: Mozilla Firefox <= 3.6.8
# Tested on: Windows XP-VISTA-SEVEN & LINUX BACKTRACK
Code: <body onload="location='';alert('');">
============================================================
Mozilla Firefox <=3.6.8 JavaScript 'Prompted Message' Spoofing Vulnerability
============================================================
# Exploit Title: Mozilla Firefox <=3.6.8 JavaScript 'Prompted Message' Spoofing Vulnerability
# Date: 2010-8-14
# Author: xisigr
# Software Link: http://www.mozilla.org
# Version: Mozilla Firefox <= 3.6.8
# Tested on: Windows XP-VISTA-SEVEN & LINUX BACKTRACK
Code: <a onclick="location='http://www.google.com';alert('xeye');" href="http://www.google.com">google</a>
Reproducible: Always
Updated•14 years ago
Component: General → Security
QA Contact: general → firefox
Comment 2•14 years ago
The first issue is a hang that could lead to a crash with OOM.
The second one displays an alert on the loaded page (in this case Google), which looks like the alert is coming from Google.
Confirming.
Status: UNCONFIRMED → NEW
Ever confirmed: true
In fact, I have reported this vulnerability, titled "Mozilla Firefox JavaScript 'Prompted Message' Spoofing Vulnerability"; this loophole was then numbered CVE-2009-4129 and Bugtraq ID 37230. Firefox later fixed this bug, but I found that the latest version does not fix it perfectly: the handling of functions beginning with "on" is still a problem, leading to the vulnerability arising again.
About the second: an attacker may leverage this issue to present a JavaScript 'prompted message' generated by a malicious domain such that it appears above a window for a targeted, legitimate domain. This may lead to a false sense of trust because the victim may be presented with a URI of a seemingly trusted site while interacting with the attacker's malicious site.
Comment 4•14 years ago
CVE-2009-4129 was bug 529594.
Comment 5•14 years ago
In the interest of having a separate bug report on each issue, I filed bug 590269 on the first testcase. (OOM crashes are usually not exploitable, and this one is slow enough and uses normal-enough code paths that I'd have no reason to believe otherwise.)
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Updated•13 years ago
Whiteboard: [sg:dupe 529594]
Updated•11 years ago
Group: core-security