Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gaping Holes In Fully Patched IE7, Firefox 2

Posted by kdawson on from the just-when-you-thought-it-was-safe dept.

Continent1106 writes "Hacker Michal Zalewski has ratcheted up his ongoing assault on Web browser security models, releasing details on serious flaws in fully patched versions of IE6, IE7 and Firefox 2.0. The vulnerabilities could cause cookie stealing, page hijacking, memory corruption, code execution, and URL bar spoofing attacks." Here is Zalewski's post to Full Disclosure.

8 of 303 comments (clear)

  1. Ah well by GFree · · Score: 5, Informative

    Gaping Holes In Fully Patched IE7, Firefox 2
    In other words, it doesn't matter which browser you use, you're gonna get F'd in the A regardless? Sounds painful.
    1. Re:Ah well by rts008 · · Score: 5, Informative

      RTFA...Try the demo's...It will reduce the FUD.

      I tried the demo page/file and got no response whatever.

      "2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
            Impact : keyboard snooping, content spoofing, etc
            Demo : http://lcamtuf.coredump.cx/ifsnatch/
            Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=38268 6 [May 30]"
      from:(http://lcamtuf.coredump.cx/ifsnatch/) which is from:2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
            Impact : keyboard snooping, content spoofing, etc
            Demo : http://lcamtuf.coredump.cx/ifsnatch/
            Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=38268 6 [May 30]"

      and this:"3) Title : Firefox file prompt delay bypass (MEDIUM)
            Impact : non-consentual download or execution of files
            Demo : http://lcamtuf.coredump.cx/ffclick2/
            Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=37647 3 [Apr 04]"

      I tried both link's test button and got no response whatever.

      IMHO, this must be something related to running Windows, as my Kubuntu 7.04 Feisty w/ Firefox 2.0.04 (with NoScript, Adblock, Adblock Filterset, and Flashblock) just does not act on this.

      I guess I need to install some version of Windows to experience this...I feel deprived and left out!

      Does this work with Firefox w/ NoScript on Windows?

      From past experience, I have no doubts that it works with any version of IE on any Windows platform.

      --
      Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
    2. Re:Ah well by Sizzlebeast · · Score: 3, Informative

      Firefox 2.0.0.4 w/ NoScript and it won't work on windows either. I guess i have to allow it...not gonna happen :) I guess I'm safe

  2. One of the demos on Firefox doesn't work by ericferris · · Score: 4, Informative

    I am using the latest Firefox 1.5. I went to the demo page : http://lcamtuf.coredump.cx/ifsnatch/ . The first test shows that it is possible to rewrite the content of an iframe. That is rather dangerous in situations involving trusted messages.

    The 2nd demo was supposed to snoop on the keyboad, but it invoked a pop-up, which was immediately blocked by the pop-up blocker. So unconfimed as far as I know. However, the demo page did open a CNN.com page.

    Anyone has better "luck" to demo the keyboard snooping?

    --
    Fantasy: http://ferrisfantasy.blogspot.com/
  3. Comment removed by account_deleted · · Score: 4, Informative

    Comment removed based on user account deletion

  4. Another Firefox vulnerability posted today by whitehatlurker · · Score: 3, Informative

    Thor Larholm also announced a Firefox hole today. Wasn't completely patched in the last release.

    --
    .. paranoid crackpot leftover from the days of Amiga.
  5. Re:But in order to be affected... by snowraver1 · · Score: 5, Informative

    It's called a Man-in-the-middle attack. Say you go to google.ca (I'm Canadian) It goes something like this:

    You> Yo DNS server, I wanna Talk to google.

    DNS> Roger that! Go to 72.14.253.103.

    You> Yo 72.14.253.103 Whacha got?

    72.14.253.103>Index.html

    You> Looks like Index.html says I need the google picture.

    Eve (Eve is sitting at the same coffee shop as you. Eve is bad)> Ahem, err, sir, I have this envelope for you. It's from google. It contains your picture. *Sniker*. (You don't notice the snicker)

    You> OH N0E$! TH3 P1CtUr3 us3d a buff3r ov3rflow vuln3rab1lity and n0w you have a virus that mak3s you typ3 lik3 a n00b!

    For more information look here: http://en.wikipedia.org/wiki/Man_in_the_middle_att ack

    --
    Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
  6. Re:probably NoScript by Barny · · Score: 3, Informative

    Yup, noscript doesn't let such nasties run, unless you give them permission, which seems to be half the problem for most internet users.

    As for the person saying noscript is hard to use, its usually a matter of just clicking the script item (like a youtube vid that is being blocked) and it allows it to run temporarily, should be built in standard imho.

    Combine it with a nice ad server blocker (kerio personal firewall for instance) and the web just suddenly starts working as it was meant to :)

    --
    ...
    /me sighs