Firefox under fire ...

CuR10u · February 18, 2007, 3:08am

(1) How’d u feel if some web site will steal your files from your PC. Be it “/etc/passwd” or “C:\BOOT.INI” or else.

One old security issue that still exists in the latest version of firefox that allows to steal files. Check out the following demonstration … it’d display your “BOOT.INI” in your browser. You just need to TYPE IN the sentece in bold characters and boom! …it’s gone.
http://lcamtuf.coredump.cx/focusbug/ffversion.html

(for techies) … it captures specific characters from the sentence you typed, and makes the path to that file and browser is made to assume as if you have allowed to UPLOAD that file … so don’t do too much typing on GS

And BTW, it’s not just FF alone, both IE and Opera also allow doing that … how could Microsoft stay behind in doing blunders … checkout a similar exploit for IE 7 and possibly IE 6:
http://lcamtuf.coredump.cx/focusbug/ieversion.html

(2) Another issue in Firefox (specifically) allows scripts to steal/manipulate cookies of any web site, if you include a NULL character in the URL … a URL of the form “evil.com\x00foo.example.com” will allow “evil.com” to steal cookies for “example.com” … scary eh!? …yes it is.
http://lcamtuf.dione.cc/ffhostname.html

(3) One more minor issue related to about:blank can be used for phishing purposes. Again all three browsers have that problem.

OK … so these were the latest greates news … purpose was to let you guys know of the issues (specially the first two) that affect most of you (probably all of you).

GreenBird · February 18, 2007, 4:27am

Re: Firefox under fire ...

This news is being spread to malign Firefox.

Firefox is a browser that is about to take ove the Internet Explorer very soon.

THESE ARE NOT VULNERABILITIES, folks.

CuR10u · February 18, 2007, 2:24pm

Re: Firefox under fire …

Please re-read what i said is the purpose of my post. This is not a campaign against Firefox, i have mentioned other browsers too, including IE7.

FYI … from time to time, i post major issues just to keep guppies aware of.

And before you give ur verdict that " THESE ARE NOT VULNERABILITIES", you should learn more on what is a VULNERABILITY and what’s not.
I hope you’d have heard of CVE … following references for sure will stop the debate of vulnerability or not (if u know what CVE’s and BIDs are):

(1) For the first issue of file upload:

CVE reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894
BID reference: http://www.securityfocus.com/bid/18308

Notice that i have said it’s an old issue but still exists in latest versions.

(2) For the second issue of cookies stealing:

CVE reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981
BID reference: http://www.securityfocus.com/bid/22566

(3) Third issue came out just two days ago, so it’s not yet assigned CVE, but here’s the BID:
http://www.securityfocus.com/bid/22601

CuR10u · February 18, 2007, 3:10pm

Re: Firefox under fire ...

.... and BTW, there's nothing in it to get panicked ..... even worst things keep coming in browsers and other applications. It's said, it will be fixed in FF version 2.0.0.2, which is on its way ..... so i hope folks will understand that i am not spreading any NEWS (and i don't know if there's such thing going around), i just acted independently.