FireFox vulnerabilities FYI

MsOsWin

snip

snip



Apparently, even the default sites are harmless now, as the people at
UMO have redirected the default url to another site. Just don't add
this new url to the white list!

But as pointed out below, the cross script scripting exploit still
allows fairly dangerous actions such as stealing of cookies, phishing
and whatnot, unless Javascript is off.

I wonder if the IFRAME filter in Proxomitron would block the 1st requirement?

OP
 
Mel

elaich said:
Because a Java vulnerability could install malware without user permission.

JavaScript, not Java :)

A detailed explanation, by the chap who discovered the vulnerability
can be found here. He reports that they have discovered other
vulnerabilities that haven't been leaked.

http://www.greyhatsecurity.org/firefox.htm

"There are three core vulnerabilities being used in my example. A friend of mine (Michael Krax, http://www.mikx.de) helped me with
the research.

To understand why the example works, one must understand the basics of how Firefox works. Everything you see in firefox is
essentially a webpage being rendered by a compiler. This is what the gui is made of, and this is why firefox is so easy to
customize. However, it also allows for some security bugs. If one could get one of the chrome pages to request a javascript:[script]
url, that individual would be given complete access to the system because chrome urls are given full rights in firefox. My example
works by tricking the addon install function into displaying an icon with a javascript url. ..."
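
The defensive side of the issue quoted above, as an added example that is not part of the thread or of Firefox's own code: before privileged UI loads an icon URL supplied by a web page, parse it and allow only expected schemes. The function names, the allowlist and the sample install entries are assumptions made up for illustration.

```javascript
// Added illustration (hypothetical names): scheme allowlist for an
// untrusted icon URL that a privileged page is about to display.
const SAFE_ICON_SCHEMES = new Set(["http:", "https:"]);

function checkIconUrl(raw, pageUrl) {
  if (typeof raw !== "string" || raw.length === 0) {
    return { ok: false, reason: "empty" };
  }
  let parsed;
  try {
    // Parse instead of string-matching: the URL parser lowercases the
    // scheme and drops leading spaces and embedded tabs/newlines, so
    // "JaVaScRiPt:" and " java\tscript:" both come out as "javascript:".
    parsed = new URL(raw, pageUrl);
  } catch (e) {
    return { ok: false, reason: "unparseable" };
  }
  if (!SAFE_ICON_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: "scheme " + parsed.protocol };
  }
  // Hand back the normalized URL so the caller never reuses the raw string.
  return { ok: true, url: parsed.href };
}

// Check a list of install entries and return the rejected ones with reasons.
function rejectedIcons(entries, pageUrl) {
  return entries
    .map((e) => ({ name: e.name, result: checkIconUrl(e.iconUrl, pageUrl) }))
    .filter((e) => !e.result.ok)
    .map((e) => e.name + ": " + e.result.reason);
}

// Constructed sample input, not taken from any real page.
const SAMPLE_PAGE = "http://example.test/addons/";
const SAMPLE_ENTRIES = [
  { name: "plain", iconUrl: "icons/ext.png" },
  { name: "mixed-case", iconUrl: "JaVaScRiPt:void(0)" },
  { name: "tab-split", iconUrl: " java\tscript:void(0)" },
  { name: "data", iconUrl: "data:image/png;base64,AAAA" },
  { name: "chrome", iconUrl: "chrome://browser/content/" },
];

console.log(rejectedIcons(SAMPLE_ENTRIES, SAMPLE_PAGE));
```
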
 
Aaron

JavaScript, not Java :)
Another possibility of course is that he might be thinking of the
"firefox can infect IE via Java" case a few months back. But of course,
even in that case he would be mistaken, since Java would ask for permit
to run the applet.
 
Aaron

That doesn't follow. Implementations of JavaScript vary from browser
to browser.

Well change it from Javascript to Java, and maybe that might be a bit
closer to the mark.
 
