BID:22666

Mozilla Firefox Bookmarks HTML-Injection Vulnerability

Info

Mozilla Firefox Bookmarks HTML-Injection Vulnerability

Bugtraq ID:	22666
Class:	Design Error
CVE:	CVE-2007-1084
Remote:	Yes
Local:	No
Published:	Feb 22 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	Michal Zalewski is credited with the discovery of this issue.
Vulnerable:	Mozilla Firefox 2.0 .1 Mozilla Firefox 1.5 beta 2 Mozilla Firefox 1.5 beta 1 Mozilla Firefox 1.5 .8 Mozilla Firefox 1.5 Mozilla Firefox 1.0.8 Mozilla Firefox 1.0.7 Mozilla Firefox 1.0.6 Mozilla Firefox 1.0.5 Mozilla Firefox 1.0.4 Mozilla Firefox 1.0.3 + Gentoo Linux Mozilla Firefox 1.0.2 + Mandriva Linux Mandrake 10.2 x86_64 + Mandriva Linux Mandrake 10.2 + Mandriva Linux Mandrake 10.2 + Redhat Desktop 4.0 + Redhat Desktop 4.0 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux WS 4 + Redhat Enterprise Linux WS 4 Mozilla Firefox 1.0.1 + Redhat Fedora Core3 Mozilla Firefox 1.0 + Gentoo Linux + Gentoo Linux + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + S.u.S.E. Linux Personal 9.2 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + S.u.S.E. Linux Personal 9.0 + Slackware Linux 10.1 + Slackware Linux 10.0 + Slackware Linux 10.0 + Slackware Linux 9.1 + Slackware Linux 9.1 + Slackware Linux -current + Slackware Linux -current Mozilla Firefox 0.10.1 Mozilla Firefox 0.10 Mozilla Firefox 0.9.3 Mozilla Firefox 0.9.2 Mozilla Firefox 0.9.1 Mozilla Firefox 0.9 rc Mozilla Firefox 0.9 Mozilla Firefox 0.8 Mozilla Firefox 2.0 RC3 Mozilla Firefox 2.0 RC2 Mozilla Firefox 2.0 beta 1 Mozilla Firefox 2.0 Mozilla Firefox 1.5.0.9 Mozilla Firefox 1.5.0.7 Mozilla Firefox 1.5.0.6 Mozilla Firefox 1.5.0.5 Mozilla Firefox 1.5.0.4 Mozilla Firefox 1.5.0.3 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.1

Not Vulnerable:

Discussion

Mozilla Firefox Bookmarks HTML-Injection Vulnerability

Firefox is prone to an HTML-injection vulnerability because of the way it handles bookmarked URIs.

An attacker can exploit this issue to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks.

Exploit / POC

Mozilla Firefox Bookmarks HTML-Injection Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to bookmark a malicious URI and later retrieve it.

Solution / Fix

Mozilla Firefox Bookmarks HTML-Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Mozilla Firefox Bookmarks HTML-Injection Vulnerability

References:

Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability (Michal Zalewski)
Firefox bookmark cross-domain surfing vulnerability (Michal Zalewski)
Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability (pdp (architect))