OSVDB ID: 32104 Title: Mozilla Multiple Products location.hostname Null Byte URI Security Bypass |
Info |
|
|
Dates |
||||
|
|
Description |
Mozilla Firefox, Mozilla SeaMonkey, and other Mozilla-based browsers contain a flaw that may allow a remote attacker to bypass security restrictions and gain knowledge of sensitive information. The issue is due to Mozilla-based browsers improperly handling writes to the 'location.hostname' DOM property. The flaw is triggered when a malicious web page writes a hostname value containing NULL characters ('\x00') to the 'location.hostname' DOM property, allowing for alteration of the 'document.domain' in order to bypass the same-origin policy for cross-frame/cross-window data access. This may allow an attacker the ability to manipulate authentication cookies for third party web pages and tamper with the way these sites are displayed or how they work, resulting in a loss of confidentiality. |
Classification |
Location:
Remote / Network Access
Attack Type: Input Manipulation Impact: Loss of Confidentiality Exploit: Exploit Public Disclosure: OSVDB Verified, Vendor Verified |
Solution |
Upgrade to the following product versions, as they have been reported to fix this vulnerability: Mozilla Firefox: version 1.5.0.10 or higher Mozilla Firefox 2: version 2.0.0.2 or higher Mozilla SeaMonkey: version 1.0.8 or higher It is also possible to correct the flaw by implementing the following workaround: Deny setting location.hostname by placing the following line in your user.js file: user_pref("capability.policy.default.Location.hostname.set", "noAccess"); If you don't have one, create one in notepad and place it in your profile directory (e.g. C:\Program Files\Mozilla Firefox\defaults\profile). |
Products |
|
Credit |
|
coredump.cx - http://lcamtuf.coredump.cx/