Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22215
HistoryJul 27, 2009 - 12:00 a.m.

URL spoofing bug involving Firefox's error pages and document.write

2009-07-2700:00:00
vulners.com
86

Application: Firefox 3.0.11
OS: Windows XP - SP3

1 - Description
2 - Vulnerability
3 - POC/EXPLOIT

Description

This software is a popular web browser that supports multiple platforms as
(windows,linux,macos).


Vulnerability

The bug is caused when you try to open a url with a invalid char, in this time, you can edit
the error page, and make a "spoof".

This not would be important because when you make the spoof the "invalid web" is loading all
time, but as firefox allow that you call the "stop" method of other page you can stop this.

The result of this is a fake page.


POC/EXPLOIT

The poc is a simple script that have a window.open(), it calls the url with invalid char, the
invalid char can be a "," or "%" is important that you add some "%20" for display a "white
space" in the url.

http://es.geocities.com/jplopezy/firefoxspoofing.html

PD : I send this to bugzilla

Juan Pablo Lopez Yacubian