

therube

join:2004-11-11
Randallstown, MD
reply to siljaline

Re: Mozilla Firefox 16.0.1 Final

Thanks for that.

quote:
When the user browses to the attacker’s web page, a Javascript on that page opens a new browser window with a Twitter’s lists URL (»twitter.com/lists). If the victim is signed in to Twitter, then the window is automatically redirected by Twitter to the victim’s personal lists page and the URL now contains the victim’s personal twitter ID (e.g. »twitter.com/Imperva/lists). The attacker’s Javascript now queries the new window for its URL by using the location object. On previous versions, the same origin policy had failed such requests.

However, in Firefox 16 the same origin policy was not implemented correctly and allowed the attacker to gain access to the URL, allowing the leakage of personal data such as the victim’s Twitter ID in this case.

So that's why the POC didn't work for me when I tried it. I don't twit!
(Now I might just sign up for Twitter just to see what it does, nah.)
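
The check the quoted passage says Firefox 16 got wrong, as an added example that is not part of the original post and is not Firefox code: a small model of the same-origin rule for another window's `location`, run against the redirect scenario from the quote. `attacker.example`, `locationViewFor` and `checkRedirectLeak` are hypothetical names chosen for the illustration.

```javascript
// Added illustration, not Firefox code: a small model of the same-origin
// check a browser applies when one window touches another's Location.
// attacker.example is a constructed host; the twitter.com URLs are from the quote.

// An origin is the (scheme, host, port) triple; URL.origin serializes it.
function originOf(url) {
  return new URL(url).origin;
}

// Guarded view of win's location as seen by a script running at callerUrl.
// HTML standard: a cross-origin caller may set href and call replace(),
// but every read must fail with a SecurityError.
function locationViewFor(callerUrl, win) {
  const sameOrigin = () => originOf(callerUrl) === originOf(win.url);
  const navigate = (to) => { win.url = new URL(to, callerUrl).href; };
  const deny = (op, prop) => {
    throw new Error("SecurityError: cross-origin " + op + " of location." + String(prop));
  };
  return new Proxy({}, {
    get(_target, prop) {
      if (prop === "replace") return navigate;
      if (!sameOrigin()) deny("read", prop);   // checked on every access
      return new URL(win.url)[prop];
    },
    set(_target, prop, value) {
      if (prop === "href") { navigate(value); return true; }
      if (!sameOrigin()) deny("write", prop);
      const u = new URL(win.url);
      u[prop] = value;                         // same-origin: hash, search, ...
      win.url = u.href;
      return true;
    },
  });
}

// Regression check for the quoted scenario: the opened window is redirected
// to a per-user URL, and the opener must still be unable to read it.
function checkRedirectLeak() {
  const win = { url: "https://twitter.com/lists" };
  const loc = locationViewFor("https://attacker.example/page.html", win);
  win.url = "https://twitter.com/Imperva/lists"; // redirect for a signed-in user
  try {
    return { leaked: true, value: loc.href };
  } catch (e) {
    return { leaked: false, error: e.message };
  }
}

console.log(checkRedirectLeak());
```
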


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

said by therube:

Thanks for that.

Jiggy-doo


therube

join:2004-11-11
Randallstown, MD
reply to therube

> Stupid testcase showing complete lack of even rudimentary security checks here

> One thing I can't understand is how we could possibly not have had a test for this

Bug 799952 - (CVE-2012-4192) Cross domain access to the location object



therube

join:2004-11-11
Randallstown, MD
reply to StuartMW

Can't say I agree with his summary, "The future of JavaScript security".



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to StuartMW

Another way of putting the Beta business model is:

It's available for pre-release testing [...]

MS Releases IE10 preview for Win 7 users:
»blogs.msdn.com/b/ie/archive/2012···ber.aspx