Full Disclosure mailing list archives
Re: Chrome and Safari users open to stealth HTML5 Application Cache attack
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Mon, 28 Jun 2010 17:53:14 -0700
On unsecured networks, attackers could stealthily create malicious Application Caches in the browser of victims for even HTTPS sites. It has always been possible to poison the browser cache and compromise the victim's account for HTTP based sites. With HTML5 Application Cache, it is possible to poison the cache of even HTTPS sites. == Is it agreed that if the above is true -- meaning, separation doesn't actually exist -- then there's a bug?
My understanding is that this refers to the ability to poison http://www.mybank.com - which may be the default destination for a good percentage of users - even if the only function of this page is to redirect directly to https://www.mybank.com. There should be no ability to use cache manifests delivered over http to inject content into the https origin, or at least I hope so. /mz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Chrome and Safari users open to stealth HTML5 Application Cache attack Lavakumar Kuppan (Jun 28)
- Re: Chrome and Safari users open to stealth HTML5 Application Cache attack Chris Evans (Jun 28)
- Re: Chrome and Safari users open to stealth HTML5 Application Cache attack Dan Kaminsky (Jun 28)
- Re: Chrome and Safari users open to stealth HTML5 Application Cache attack Chris Evans (Jun 28)
- Re: Chrome and Safari users open to stealth HTML5 Application Cache attack Dan Kaminsky (Jun 28)
- Re: Chrome and Safari users open to stealth HTML5 Application Cache attack Michal Zalewski (Jun 28)
- Re: Chrome and Safari users open to stealth HTML5 Application Cache attack Lavakumar Kuppan (Jun 29)
- Re: Chrome and Safari users open to stealth HTML5 Application Cache attack Dan Kaminsky (Jun 28)
- Re: Chrome and Safari users open to stealth HTML5 Application Cache attack Chris Evans (Jun 28)