firefox

Firefox __defineGetter__ Issues.

I have high hopes for this research done by Gareth Heyes. It looks pretty bad what happens here. It is allowed to spoof different types of window attributes or objects, but also to abuse them to cause interesting behavior in Firefox. Gareth showed me more, and I think this is going to turn out pretty bad, because it implies that you can override almost anything that was set. But Gareth also told me that he wasn't able to overwrite the document.location object. If that was the issue we could break the same origin policy and that would be one of the biggest vulnerabilities in Firefox so far.

FireFramed.

Yet another nice feature, I only got it working in Firefox. Internet Explorer works also, but only locally and not remotely. See code below or visit the link to try it out. It might crash Firefox, but that isn't a surprise. Firefox is the crash king.

The Haunted Browser.

Firefox: What a haunted browser it is! Gareth and I chatted a bit about the JavaScript console in Firefox. I knew it can pop up in the strangest places. So we thought: how about popping it up on purpose? And of course we tried it out. I constructed a couple of vectors based on our ideas, try 'em out in BrowserFry if you like. Pretty tricky stuff! Happy Halloween!

Frying FireFox Yet Another Preview.

Okay, I made a better video when I was toying with BrowserFry. The previous video was screwed up by Google, so I uploaded it to a file host instead so you can see how easy it is to launch quick browser tests. This example shows all steps to the latest vulnerability in Firefox, found in exactly 3 minutes due to this new software. Imagine *me* or *you* using this tool all day long. Nah... I don't really want to do this all day! So, I have to get back to work on some new projects I have. I hope you can use the tool as well, enjoy the movie and see ya soon!

Even More Sidebar Fun!

Okay, so I woke up this morning thinking it's a cold day today, let's DoS Firefox again. This ain't unusual, so I did it. However, there is a slight difference with this one. This is a real denial of service: the exploit below manages to add a bookmark, and when the bookmark is set and you click it, Firefox will not respond to ANY URI anymore. Even when you restart Firefox it is impossible to go to Google, for instance. See the screenshot below. The reason I call it a real denial of service is because browser vendors always say that a denial of service is persistent.

Location.href Dossing.

It is also possible to DoS Firefox by looping in location.href. It tries to change the location to Google, but before it gets a chance it loops right back. It bypasses the recursion protection for quite some time. If you do not interact with the page it eventually goes to Google; if you click somewhere inside the page, it probably will crash Firefox.

Copy Paste Illusions.

Don't worry, this technique is known, but this time I made a couple of examples to illustrate its behavior. It utilizes the illusion of selected text. When the selected text is copied or dragged into the URL bar it gets executed because Firefox thinks you have the proper rights to do so. The first example does exactly this and tries to install a Firefox XPI. The second one tries to access your local file system; this can only be done by dragging it as a bookmark. Well, this seems an exotic attack, but think again: how many times did you drag hyperlinks and text?

Phish The Master Password In Firefox.

I always felt that security cannot be simplified. It stands in the way of usability because it requires alertness and a clear mind. While I was busy with the previous example I thought about the Firefox master password. I tested this feature and I saw that it only asked me a simple JavaScript prompt to enter it. Well, we can copy this stuff fairly easily by making our own prompt. I think the trick is to time when you want to throw it at a surfer.

Firefox Remote & Local Code Execution 0day.

I found this vulnerability in Firefox moments ago while I was playing with the urlbar. It seems Firefox is vulnerable to null byte file type corruption. It is possible to execute files as a different filetype and trick Firefox into executing it. Is this dangerous?

FireMaster: Recover Firefox Master Password

When you tell Firefox to remember your user-name and password to a login service, it encrypts the access credentials and stores them in a database file in your profile directory. Yet, anyone can open Firefox’s password manager and view your secure login credentials. In order to keep prying eyes out of your login information, one can [...]
