Closed
Bug 601526
Opened 14 years ago
Closed 14 years ago
XSS Exploit allows for Geolocation Stealing
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: trappmanrhett, Unassigned)
References
()
Details
(Keywords: privacy)
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:2.0b6) Gecko/20100101 Firefox/4.0b6 Build Identifier: Mozilla/5.0 (Windows NT 6.0; rv:2.0b6) Gecko/20100101 Firefox/4.0b6 The above URL contains a "proof of concept" that explains how users don't have to be prompted for their location. Firefox should be able to detect XSS methods like this and prompt the user. Reproducible: Always
Comment 1•14 years ago
|
||
The method works like this:<br> 1. You visit a malicious web site (why are people so mean?)<br> 2. The web site has a hidden XSS against your router (in this example, I'm using an <a href="/vzwfios/">XSS I discovered in the Verizon FiOS router</a>)<br> 3. The XSS obtains the MAC address of the router via AJAX.<br> 4. The MAC address is then sent to the malicious person. In the test case below, it's sent to me (not that I'm malicious!)<br> 5. I then take the MAC address and send it along to Google Location Services. This is an HTTP-based service where router MAC addresses are mapped to approximate GPS coordinates from other data sources. <b>There are NO special browser requirements, nor does a user need to be prompted.</b> I determined this protocol by using <a target=_net href="http://www.mozilla.com/en-US/firefox/geolocation/">Firefox's Location-Aware Browsing</a>.<br> 6. I grab the coordinates and show it to you in a pretty map below.<p> As far as I can tell, this is not a Firefox bug, but a server bug on the router. Is there any reason we shouldn't close this INVALID? Did you report the FIOS router bug to Verizon?
Comment 2•14 years ago
|
||
(In reply to comment #1) > As far as I can tell, this is not a Firefox bug, but a server bug on the > router. Is there any reason we shouldn't close this INVALID? Nope. This is not a Firefox bug.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•