Информационная безопасность
[RU] switch to English


Различные уязвимости метода OnUnload в популярных браузерах
дополнено с 23 февраля 2007 г.
Опубликовано:28 февраля 2007 г.
Источник:
SecurityVulns ID:7297
Тип:клиент
Уровень опасности:
6/10
Описание:Различные повреждения памяти связанные с кратковременными событиями при выполнении метода OnUnload(). Кроме того, возможна подмена адреса страницы и создание страниц, которые невозможно покинуть.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MOZILLA : Firefox 1.5
 MOZILLA : Firefox 2.0
 MICROSOFT : Windows Vista
 OPERA : Opera 9.20
CVE:CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.)
 CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.)
 CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.)
 CVE-2007-1092 (Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.)
 CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.)
Оригинальный текстdocumentperpetualmotionuk, RE: MSIE7 browser entrapment vulnerability (probably Firefox, too) (28.02.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-08 (27.02.2007)
 documentSECUNIA, Secunia Research: Internet Explorer 7 "onunload" Event Spoofing Vulnerability (23.02.2007)
 documentMichal Zalewski, Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) (23.02.2007)
 documentMichal Zalewski, MSIE7 browser entrapment vulnerability (probably Firefox, too) (23.02.2007)
 documentMichal Zalewski, Firefox: onUnload tailgating (MSIE7 entrapment bug variant) (23.02.2007)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород