Mozilla / Mozilla Firefox Frame Injection Vulnerability

Discussion in 'other security issues & news' started by ronjor, Jun 6, 2005.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Secunia
     
  2. snowbound

    snowbound Retired Moderator

    Nice....

    I tried the test anyway and FF flunked....


    snowbound
     
  3. ronjor

    ronjor Global Moderator

    Snowbound

    Do you have a screenshot of the flunking?

    Scratch that. I got it too.
     
  4. Jeremy2

    Jeremy2 Registered Member

    FF is vulnerable, only if the links open in a new window, otherwise it's not, i.e: links open in a new tab. So, this maybe taken as a workaround.

    So, the vulnerability doesn't work if the links open in a new tab.
     
  5. gottadoit

    gottadoit Security Expert

    Same thing found here, I have everything forced to open in tabs and my FF passed....
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Hi,

    Excuse my ignorance. How do you force everything to open in tabs?
    I edited about:config and changed showsinglewindow to true, but the test still opens a new window.
    Suggestions?


    I found it:

    browser.link.open_newwindow set to 3 instead of 2, this will open in tabs.
    browser.link.open_external set to 3 instead of 2, this will open in tabs.

    One more edit:

    I tried this also on another computer that I have proxomitron installed and without the above configuration. Proxo discovered the exploit and removed it. Hooah!

    Cheers,
    Mrk
     
    Last edited: Jun 7, 2005
  7. blabhead

    blabhead Registered Member

    it works for me
    Thank You
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice