Bugtraq mailing list archives
Cross-Site Scripting vulnerabiliy in Firefox and Opera
From: "MustLive" <mustlive () websecurity com ua>
Date: Sat, 1 Aug 2009 21:45:44 +0300
Hello Bugtraq! I want to warn you about Cross-Site Scripting vulnerability in Firefox and Opera, which I found at 13.07.2009 and published last month at my site. This advisory related to my advisory about Cross-Site Scripting vulnerability in Mozilla, Firefox and Chrome (http://www.securityfocus.com/archive/1/504972/30/0/threaded), but if there was attack via refresh-header redirectors, then this time attack is via location-header redirectors. This Cross-Site Scripting vulnerability in browsers Firefox and Opera allows to execute JavaScript code via location-header redirectors (and there are a lot of them in Internet, more then refresh-header redirectors). XSS: With request to script at web site: http://site/script.php?param=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2b Which returns in answer the Location header and the code will execute in the browser: Location: data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ+ Vulnerable are Firefox 3.0.12 and Opera, but without access to cookies (the same as in case of refresh-header redirectors), because code executed not in context of original site. It can be used for fishing and executing of JavaScript code (for malware spreading). Vulnerable version is Mozilla Firefox 3.0.12 and previous versions (and 3.5 should be also vulnerable). Vulnerable version is Opera 9.52 and previous versions (and potentially next versions too). I mentioned about this vulnerability at my site (http://websecurity.com.ua/3323/). P.S. In my post about vulnerability at tinyurl.com (http://websecurity.com.ua/3365/) I showed how this vulnerability in browsers can be used for malware spreading via this redirecting service (and other redirecting services in Internet). Best wishes & regards, MustLive Administrator of Websecurity web sitehttp://websecurity.com.ua
!DSPAM:4a748d98231141704614446!
Current thread:
- Cross-Site Scripting vulnerabiliy in Firefox and Opera MustLive (Aug 03)