Sorry for my English.
I am just passing on a letter I received yesterday from Pandasoftware about Firefox.
These are also on bugtraq.
Madrid, February 10 2005 - According to Mikx, three security problems have been detected in version 1.0 of the Firefox browser. They can be exploited by remote users to carry out diverse actions on systems, such as uploading malicious software, carrying out cross-site scripting attacks or avoiding security restrictions.
This is not a very good summary. The bugs all require fairly unusual user actions in order to be exploited - none of the exploits is automatic.
The first of the problems lies in the fact that when the browser copies an image - via drag and drop - on validating it against the HTTP "Content-Type" header, it uses a file extension from the URL. This could be exploited to situate a valid image, with an arbitrary file extension, and include script code on the desktop, tricking the user into dragging and dropping it.
The attacker has to persuade the user to drag and drop an image of his crafting to their desktop.
The second problem consists of the non-validation of headers, when a "javascript:" URL is dragged to another tab. This vulnerability could be used to execute HTML code and arbitrary script in the user's browser session in the context of any other site.
Again, you need to persuade the user to drag a malicious javascript: URL to another tab.
The third vulnerability could allow - through the use of plug-ins and the moz-opacity filter - the alteration of certain settings parameters.
This is a bit more automatic - you have to persuade the user to click on the web page. It allows toggling of boolean settings parameters, assuming only the default ones are present in the set and the user clicks in exactly the right place.
Gerv
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
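
An added example, not part of the original e-mail and not Firefox's own code: one way a drop handler can avoid the first problem described above, by naming the saved file from the image type it has verified rather than from the extension in the URL. The function names, the type table and the sample bytes are assumptions constructed for illustration.

```javascript
// Added illustration (hypothetical helper, not Firefox code): choose the
// on-disk name for a dragged image from its verified type, never from the
// file extension that appears in the URL.
const IMAGE_TYPES = {
  "image/gif":  { ext: ".gif", magic: [0x47, 0x49, 0x46, 0x38] }, // "GIF8"
  "image/png":  { ext: ".png", magic: [0x89, 0x50, 0x4e, 0x47] }, // "\x89PNG"
  "image/jpeg": { ext: ".jpg", magic: [0xff, 0xd8, 0xff] },
};

// Constructed sample input: the first six bytes of a GIF file ("GIF89a").
const SAMPLE_GIF = [0x47, 0x49, 0x46, 0x38, 0x39, 0x61];

function startsWith(bytes, prefix) {
  return prefix.every((b, i) => bytes[i] === b);
}

// Returns a safe file name, or null when the drop should be refused.
function safeDropName(url, contentTypeHeader, bytes) {
  // Strip parameters such as "; charset=..." and normalise case.
  const type = String(contentTypeHeader || "").split(";")[0].trim().toLowerCase();
  const known = IMAGE_TYPES[type];
  if (!known) return null;                          // not an accepted image type
  if (!startsWith(bytes, known.magic)) return null; // data disagrees with header

  // Take only the last path segment; query, fragment and directories are dropped.
  let base = "image";
  try {
    base = decodeURIComponent(new URL(url).pathname.split("/").pop() || "");
  } catch (_) {
    // Unparsable URL or bad percent-escape: keep the default base name.
  }
  // Discard every extension the URL supplied, then characters unsafe in names.
  base = base.replace(/\..*$/, "").replace(/[^A-Za-z0-9_-]/g, "_") || "image";
  return base + known.ext;                          // extension comes from the type
}
```

With this approach a URL ending in `pic.bat` served as `image/gif` is saved as `pic.gif`, so the desktop shell treats the file as the image it was validated to be.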
