Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords

bugtraq

Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords

To:	3APA3A <3APA3A@SECURITY.NNOV.RU>, quincy@gmail.com
Subject:	Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip
From:	Juha-Matti Laurio <juha-matti.laurio@netti.fi>
Date:	Thu, 21 Dec 2006 23:43:13 +0200 (EET)
Cc:	bugtraq@securityfocus.com
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	bugtraq-list@securepoint.com
Delivered-to:	mailing list bugtraq@securityfocus.com
Delivered-to:	moderator for bugtraq@securityfocus.com
List-help:	<mailto:bugtraq-help@securityfocus.com>
List-id:	<bugtraq.list-id.securityfocus.com>
List-post:	<mailto:bugtraq@securityfocus.com>
List-subscribe:	<mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list:	contact bugtraq-help@securityfocus.com; run by ezmlm

Additionally, the CVSS (Common Vulnerability Scoring System) Severity score of the issue 
is 2.3, i.e. "Low":
http://nvd.nist.gov/cvss.cfm?name=CVE-2006-6077&vector=%28AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N%29

- Juha-Matti

3APA3A <3APA3A@SECURITY.NNOV.RU> wrote:

Dear quincy@gmail.com,

It's
https://bugzilla.mozilla.org/show_bug.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&id=360493

and  it  was  discussed. It can only steal password from the site if site
allows to upload form or has crossite scripting errors.

--Wednesday, December 20, 2006, 1:02:54 PM, you wrote to 
bugtraq@securityfocus.com:

qgc> critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a 
videoclip
qgc> PoC here: http://www.info-svc.com/news/11-21-2006/rcsr1/


--
~/ZARAZA
http://www.security.nnov.ru/

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, quincy Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, 3APA3A Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, Juha-Matti Laurio <= Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, Thierry Zoller

Previous by Date:	RE: Enforcing Java Security Manager in Restricted Windows Environments?, Jan P. Monsch
Next by Date:	RE: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Michele Cicciotti
Previous by Thread:	Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, 3APA3A
Next by Thread:	Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, Thierry Zoller
Indexes:	[Date] [Thread] [Top] [All Lists]