Mozilla Firefox JavaScript Key Filtering Variant Vulnerability
BID:22524
Info
Mozilla Firefox JavaScript Key Filtering Variant Vulnerability
| Bugtraq ID: | 22524 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 12 2007 12:00AM |
| Updated: | Feb 13 2007 04:27AM |
| Credit: | Charles McAuley discovered this issue; Michal Zalewski <[email protected]> provided further information and an exploit. |
| Vulnerable: |
Mozilla Firefox 2.0 .1 Mozilla Firefox 1.5.0.9 |
| Not Vulnerable: | |
Discussion
Mozilla Firefox JavaScript Key Filtering Variant Vulnerability
Mozilla Firefox is prone to a JavaScript key-filtering vulnerability because the browser fails to securely handle keystroke input from users.
Exploiting this issue requires that users manually type the full path of files that attackers wish to download. This may require substantial typing from targeted users, so attackers will likely use keyboard-based games, blogs, or other similar pages to entice users to enter the required keyboard input to exploit this issue.
Mozilla Firefox 1.5.0.9 and 2.0.0.1 are vulnerable to this issue; other versions may also be affected. Applications based on the open-source Mozilla rendering engine may also be affected.
This issue is a variant of the one described in BID 18308 (Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability).
Mozilla Firefox is prone to a JavaScript key-filtering vulnerability because the browser fails to securely handle keystroke input from users.
Exploiting this issue requires that users manually type the full path of files that attackers wish to download. This may require substantial typing from targeted users, so attackers will likely use keyboard-based games, blogs, or other similar pages to entice users to enter the required keyboard input to exploit this issue.
Mozilla Firefox 1.5.0.9 and 2.0.0.1 are vulnerable to this issue; other versions may also be affected. Applications based on the open-source Mozilla rendering engine may also be affected.
This issue is a variant of the one described in BID 18308 (Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability).
Exploit / POC
Mozilla Firefox JavaScript Key Filtering Variant Vulnerability
The following URI hosts a proof-of-concept demonstration for this issue. Symantec cannot ensure the safety of third-party websites.
http://lcamtuf.coredump.cx/focusbug/ffversion.html
The following URI hosts a proof-of-concept demonstration for this issue. Symantec cannot ensure the safety of third-party websites.
http://lcamtuf.coredump.cx/focusbug/ffversion.html
Solution / Fix
Mozilla Firefox JavaScript Key Filtering Variant Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Mozilla Firefox JavaScript Key Filtering Variant Vulnerability
References:
References:
- Bug 370092 �?? Focus change between onKeyDown and onKeyPress, allowing to read arb (Mozilla)
- Bugzilla Bug 258875 (Mozilla)
- Bugzilla Bug 56236 (Mozilla)
- Mozilla Firefox Home Page (Mozilla)
- MSIE, Firefox focus stealing vulnerabilities (updated for BUGTRAQ) (Michal Zalewski
- Firefox/MSIE focus stealing vulnerability - clarification (Michal Zalewski