|
mikx has discovered three vulnerabilities in Mozilla and Firefox, which can be exploited by malicious people to plant malware on a user's system, conduct cross-site scripting attacks and bypass certain security restrictions.
1) Mozilla and Firefox validate an image against the "Content-Type" HTTP header, but uses the file extension from the URL when saving an image after a drag and drop event. This can e.g. be exploited to plant a valid image with an arbitrary file extension and embedded script code (e.g. .bat file) on the desktop by tricking a user into performing a certain drag and drop event.
2) Missing URI handler validation when dragging a "javascript:" URL to another tab can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site by tricking a user into dragging a malicious link to another tab.
3) An error in the restriction of URI handlers loaded via plugins can be exploited to link to certain restricted URIs (e.g. about:config).
This can further be exploited to trick a user into changing some sensitive configuration settings.
The vulnerabilities have been confirmed in Mozilla 1.7.5 and Firefox 1.0. Other versions may also be affected.
__________________
|
02-08-2005, 11:16 AM
Posted
Similar Threads
It appears you have not yet registered with our community
which limits what you can do & see. It's Free To register, please click here.
Linear Mode
