Mozilla Firefox Drag and Drop Same Origin Policy Security Bypass Vulnerability
BID:51287
Info
| Bugtraq ID: | 51287 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 05 2012 12:00AM |
| Updated: | Jan 05 2012 12:00AM |
| Credit: | Soroush Dalili |
| Vulnerable: | Mozilla Firefox 9.0.1 |
| Not Vulnerable: | |
Discussion
Mozilla Firefox is prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This could be used to steal sensitive information or launch other attacks.
This issue affects Firefox 9.0.1.
Exploit / POC
Attackers may use standard tools to exploit this issue. The attacker must entice a user to visit a malicious website.
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
References
References:
- Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames) (Soroush Dalili)
- Mozilla Firefox Homepage (Mozilla)