Gaping Holes In Fully Patched IE7, Firefox 2

Continent1106 writes "Hacker Michal Zalewski has ratcheted up his ongoing assault on Web browser security models, releasing details on serious flaws in fully patched versions of IE6, IE7 and Firefox 2.0. The vulnerabilities could cause cookie stealing, page hijacking, memory corruption, code execution, and URL bar spoofing attacks." Here is Zalewski's post to Full Disclosure.

Ah well

[GFree]

Gaping Holes In Fully Patched IE7, Firefox 2

In other words, it doesn't matter which browser you use, you're gonna get F'd in the A regardless? Sounds painful.

Re:Ah well

[rts008]

RTFA...Try the demo's...It will reduce the FUD.

I tried the demo page/file and got no response whatever.

"2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
      Impact : keyboard snooping, content spoofing, etc
      Demo : http://lcamtuf.coredump.cx/ifsnatch/
      Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=38268 6 [May 30]"
from:(http://lcamtuf.coredump.cx/ifsnatch/) which is from:2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
      Impact : keyboard snooping, content spoofing, etc
      Demo : http://lcamtuf.coredump.cx/ifsnatch/
      Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=38268 6 [May 30]"

and this:"3) Title : Firefox file prompt delay bypass (MEDIUM)
      Impact : non-consentual download or execution of files
      Demo : http://lcamtuf.coredump.cx/ffclick2/
      Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=37647 3 [Apr 04]"

I tried both link's test button and got no response whatever.

IMHO, this must be something related to running Windows, as my Kubuntu 7.04 Feisty w/ Firefox 2.0.04 (with NoScript, Adblock, Adblock Filterset, and Flashblock) just does not act on this.

I guess I need to install some version of Windows to experience this...I feel deprived and left out!

Does this work with Firefox w/ NoScript on Windows?

From past experience, I have no doubts that it works with any version of IE on any Windows platform.

One of the demos on Firefox doesn't work

[ericferris]

I am using the latest Firefox 1.5. I went to the demo page : http://lcamtuf.coredump.cx/ifsnatch/ . The first test shows that it is possible to rewrite the content of an iframe. That is rather dangerous in situations involving trusted messages.

The 2nd demo was supposed to snoop on the keyboad, but it invoked a pop-up, which was immediately blocked by the pop-up blocker. So unconfimed as far as I know. However, the demo page did open a CNN.com page.

Anyone has better "luck" to demo the keyboard snooping?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:But in order to be affected...

[snowraver1]

It's called a Man-in-the-middle attack. Say you go to google.ca (I'm Canadian) It goes something like this:

You> Yo DNS server, I wanna Talk to google.

DNS> Roger that! Go to 72.14.253.103.

You> Yo 72.14.253.103 Whacha got?

72.14.253.103>Index.html

You> Looks like Index.html says I need the google picture.

Eve (Eve is sitting at the same coffee shop as you. Eve is bad)> Ahem, err, sir, I have this envelope for you. It's from google. It contains your picture. *Sniker*. (You don't notice the snicker)

You> OH N0E$! TH3 P1CtUr3 us3d a buff3r ov3rflow vuln3rab1lity and n0w you have a virus that mak3s you typ3 lik3 a n00b!

For more information look here: http://en.wikipedia.org/wiki/Man_in_the_middle_att ack