Secunia reports Firefox’s DOM Property Handling Vulnerability
February 18th, 2007 Leave a comment Visited 25 times, 1 so far today
Secunia reports Firefox’s DOM Property Handling Vulnerability
A new security flaw has been discovered in the popular Mozilla Firefox web browser. Secunia reports on this flaw:
Michal Zalewski has reported a vulnerability in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an error in the handling of the “locations.hostname” DOM property. This can be exploited to e.g. manipulate authentication cookies for an arbitrary web site via assigning a URL including a NULL character (”\x00″) to “locations.hostname”.
The service adds that the exploitation requires that the user is tricked into visiting a specially designed web page.
The flaw is present in the latest releases of the Firefox browser.
Checkout:
Secunia: Mozilla Firefox “locations.hostname” DOM Property Handling Vulnerability
|
TechWhack on Facebook
|
This website uses IntenseDebate comments, but they are not currently loaded because either your browser doesn't support JavaScript, or they didn't load fast enough.