Mozilla / Mozilla Firefox Frame Injection Vulnerability

Discussion in 'other security issues & news' started by ronjor, Jun 6, 2005.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    Secunia
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Nice....

    I tried the test anyway and FF flunked....


    snowbound
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    Snowbound

    Do you have a screenshot of the flunking?

    Scratch that. I got it too.
     
  4. Jeremy2

    Jeremy2 Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    72
    FF is vulnerable only if the links open in a new window; otherwise it's not, i.e. when links open in a new tab. So, this may be taken as a workaround.

    So, the vulnerability doesn't work if the links open in a new tab.
     
  5. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Same thing found here, I have everything forced to open in tabs and my FF passed....
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hi,

    Excuse my ignorance. How do you force everything to open in tabs?
    I edited about:config and changed showsinglewindow to true, but the test still opens a new window.
    Suggestions?


    I found it:

    browser.link.open_newwindow set to 3 instead of 2, this will open in tabs.
    browser.link.open_external set to 3 instead of 2, this will open in tabs.

    One more edit:

    I also tried this on another computer where I have Proxomitron installed, without the above configuration. Proxo discovered the exploit and removed it. Hooah!

    Cheers,
    Mrk
     
    Last edited: Jun 7, 2005
  7. blabhead

    blabhead Registered Member

    Joined:
    May 18, 2004
    Posts:
    55
    Location:
    Massachusetts,U.S.A.
    It works for me.
    Thank you.
     