Using custom Microsoft Agent characters, it is possible to cover any kind of window, including security or download dialogs. This is an expected feature of the Microsoft Agent control. Because custom characters are fully scriptable, can have any kind of shape and are downloaded automatically, they can be used as a flexible tool to cover and/or spoof any kind of window and lure the user into executing arbitrary code with one or two clicks (depending on security zone configuration and Windows version).
Mozilla Firefox versions 1.0.4 and below 'Set As Wallpaper' code execution exploit.
Even though Firefox 1.0.1 patched one of the key bugs behind the firescrolling exploit (the ability of plugins to load chrome files in a hidden frame), the ability to hijack a drag and drop operation and open a privileged xul file is still available.
Using plugins like Flash and the -moz-opacity filter, it is possible to display the about:config site in a hidden frame or a new window in Firefox 1.0 and Mozilla 1.7.5.
The JavaScript security manager can be bypassed when a link is dropped onto a tab in Firefox 1.0 and Mozilla 1.7.5.
Firefox's built-in protection against dragged non-image files can be bypassed when an executable is passed with a content-type of image/gif. Tested with Firefox 1.0 and Mozilla 1.7.5.
Using JavaScript, it is still possible to spoof the content of security and download dialogs by covering them with a pop-up window. This flaw has gone unpatched for 3 months. Tested with Firefox 1.0, Mozilla 1.7.5 and Netscape 7.1 on Windows XP SP2.
A series of tests was performed to find Cross-Site Scripting (XSS) vulnerabilities. It quickly turned out that the majority of all major websites suffer from some kind of XSS flaw. This is a disclosure of 175 vulnerabilities at once.