Author Topic: Old bug in Firefox 1.0.4 raise again (by Secunia 6/6/05))  (Read 3100 times)

0 Members and 1 Guest are viewing this topic.

kamulko

  • Guest
Old bug in Firefox 1.0.4 raise again (by Secunia 6/6/05))
« on: June 08, 2005, 11:51:05 PM »
http://secunia.com/advisories/15601/

 The same for Mozilla 1.7.8 and Camino 0.8.4

Safe Test:

Test Your Browser

1)
Open a trusted site, this could be a bank, ecommerce site, windowsupdate etc. In this example, we have used Microsoft Developer Network. First, click the link below and leave the new window open, then click back to this window.

Click Here:
http://msdn.microsoft.com/library/default.asp

Please note, for this example to work in Opera, the browser has to identify itself as "Mozilla" or "Internet Explorer", because "msdn.microsoft.com" will not return the same content if Opera identifies itself as Opera.


2)
After the other window has been opened, it is possible for another site to inject a page into the "trusted" site's frameset. In our example, we inject content from Secunia.com into Microsoft.com.

Click Here:
Inject Secunia.com into Microsoft.com


3)
Now, open the window from Microsoft.com (Opened in step 1), and if your browser is vulnerable, content from Secunia will be displayed in one of the frames.


NOTES:
This test does not work in Mozilla, FireFox, and Camino when opening the web pages in a new tab instead of a window.

Exploitation can easily be made "automatic". However, since this example only serves as a test to give users an understanding of how it works, we have chosen not to do so.