Mozilla / Mozilla Firefox Frame Injection Vulnerability

Discussion in 'other security issues & news' started by ronjor, Jun 6, 2005.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,090
    Location:
    Texas
    Secunia
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Nice....

    I tried the test anyway and FF flunked....


    snowbound
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,090
    Location:
    Texas
    Snowbound

    Do you have a screenshot of the flunking?

    Scratch that. I got it too.
     
  4. Jeremy2

    Jeremy2 Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    72
    FF is vulnerable, only if the links open in a new window, otherwise it's not, i.e: links open in a new tab. So, this maybe taken as a workaround.

    So, the vulnerability doesn't work if the links open in a new tab.
     
  5. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    Same thing found here, I have everything forced to open in tabs and my FF passed....
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hi,

    Excuse my ignorance. How do you force everything to open in tabs?
    I edited about:config and changed showsinglewindow to true, but the test still opens a new window.
    Suggestions?


    I found it:

    browser.link.open_newwindow set to 3 instead of 2, this will open in tabs.
    browser.link.open_external set to 3 instead of 2, this will open in tabs.

    One more edit:

    I tried this also on another computer that I have proxomitron installed and without the above configuration. Proxo discovered the exploit and removed it. Hooah!

    Cheers,
    Mrk
     
    Last edited: Jun 7, 2005
  7. blabhead

    blabhead Registered Member

    Joined:
    May 18, 2004
    Posts:
    58
    Location:
    Massachusetts,U.S.A.
    it works for me
    Thank You
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.