| To: | full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, "WASC Forum" <websecurity@webappsec.org> |
|---|---|
| Subject: | Firefox Cache Hack - Firefox History Hack redux |
| From: | "pdp (architect)" <pdp.gnucitizen@googlemail.com> |
| Date: | Fri, 23 Feb 2007 12:32:29 +0000 |

http://www.gnucitizen.org/projects/hscan-redux/

Inspired by Michal Zalewski's recent Firefox bug hunt, I decided to give it a go and see what I can come up with. We all know how vulnerable Firefox and other browsers are. This is the reason why I am not particularly interested in finding specific browser bugs. However, when you are in hackmode things like this don't really matter.

This vulnerability is not a reworked version of Jeremiah Grossman's history hack. It is completely different and it should be treated as a new issue.

The peculiar thing about this vulnerability is that it tells you which URLs you have attended during the current browser session (the last time you opened your browser). I am not sure how useful this is.

Keep in mind that attackers can abuse this vulnerability in order to extract valuable information about your browsing habits. They can also use this hack to precisely detect whether you are logged into your router management interface. They can use this hack to detect your router type and version as well. Based on this information, they might be able to compromise the integrity of your network.

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org