This site uses cookies to improve your experience. By viewing our content, you are accepting the use of cookies. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country we will assume you are from the United States. View our privacy policy and terms of use.

Sat.Nov 15, 2008 - Fri.Nov 21, 2008

article thumbnail

E4X and a Firefox XML injection bug

Scary Beasts Security

NOVEMBER 18, 2008

Up-front credit to my colleagues Filipe Almeida and Michal Zalewski who led the way in E4X security research. If you haven't heard of E4X, or don't know why Firefox's E4X support should scare you, please consider reading this article. I've just released details for a recently fixed Firefox XML injection bug. It's one of those bugs that is in search of a good exploitation opportunity.

50
50
article thumbnail

Firefox cross-domain image theft. and the "302 redirect trick"

Scary Beasts Security

NOVEMBER 17, 2008

Here's the first bug with full details from my PacSec presentation. It's fixed in the recent Firefox 2.0.0.18 update. Firefox 3 was never vulnerable. In a nutshell, decent modern browsers permit you to read the pixels from an image by rendering images to a and calling the Javascript APIs getImageData or toDataUrl. Therefore, cross-domain checks are required on the usage of these APIs.

50
50
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

article thumbnail

PacSec presentation

Scary Beasts Security

NOVEMBER 16, 2008

My recent PacSec presentation (with Billy Rios), entitled "Cross-domain leakiness", is now online. You can view it via this link. There's a new way to attack SSL-enabled web apps in there ("Cookie Forcing"); a bunch of serious browser cross-domain thefts (many not yet disclosed); and attacks against the paranoid one window / one tab browsing model. The slides by themselves are a little sketchy on detail.

50
50
article thumbnail

Owning the paranoid: browser background traffic

Scary Beasts Security

NOVEMBER 21, 2008

When I talk to a lot of security researchers or paranoid types, it's very common to hear them describe how they very carefully access their bank account or personal GMail etc. Generally, the model used is to launch a separate browser instance, and navigate straight to an https bookmark. The session remains single-window, single-tab. It's a powerful model; the intent is to eliminate the chance of another (http) tab being a vector for owning the browser, or more likely abusing a cross-domain flaw

Banking 50
Banking Accountability 50
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 

Stay Connected

Join 29,000+ Insiders by signing up for our newsletter

About
About
Editions
Editions
Topics
Powered by Aggregage | Terms and Conditions | Your California Rights and Privacy Policy
© Aggregage 2024