Mozilla Firefox window.location Referer Spoofing

Firefox 2.0.0.10 has been released.

Included in the update is a fix for the window.location race condition security vulnerability that I discovered. By abusing the race condition, it is possible to spoof Referer header values. This is a pretty powerful technique when performing cross-site request forgery (CSRF), since a Referer check is often the only thing standing between a forged request and a state-changing action. The only challenge is that an alert, confirm or prompt modal dialog needs to be displayed for the race condition to be exploitable. That is where some social engineering skills may come in handy.

A more detailed discussion and demonstration.
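To show why a spoofable Referer matters for CSRF, here is an added defender-side illustration (not code from the original post, Mozilla, or the demonstration linked above): a state-changing request is checked first with a Referer-only policy and then with a session-bound token, and the forged request carrying a spoofed Referer passes the first but not the second. The bank.example origin, the session id and the server secret are all constructed for the demo.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed values for the demo; a real deployment uses a random, unshared secret.
SITE_ORIGIN = "https://bank.example"
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"

def referer_matches_origin(headers: dict) -> bool:
    """Referer-only CSRF check: trusts a header the client (or a browser bug) controls."""
    ref = urlparse(headers.get("Referer", ""))
    return f"{ref.scheme}://{ref.netloc}" == SITE_ORIGIN

def issue_csrf_token(session_id: str) -> str:
    """Bind a token to the session; the site embeds it in the forms it serves."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def token_matches_session(session_id: str, form: dict) -> bool:
    """Same-origin policy keeps the token unreadable from another site, so a forged request cannot carry it."""
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(form.get("csrf_token", ""), expected)

def transfer_allowed(session_id: str, headers: dict, form: dict, use_token: bool) -> bool:
    """Accept or reject a state-changing POST under one of the two policies."""
    if use_token:
        return token_matches_session(session_id, form)
    return referer_matches_origin(headers)

# Constructed requests; the victim's browser attaches the session cookie to both.
VICTIM_SESSION = "sess-1234"
LEGIT_REQUEST = (
    {"Referer": "https://bank.example/transfer"},
    {"to": "alice", "amount": "10", "csrf_token": issue_csrf_token(VICTIM_SESSION)},
)
FORGED_REQUEST = (  # Referer spoofed to the bank's own origin; no token is available to the forger
    {"Referer": "https://bank.example/transfer"},
    {"to": "mallory", "amount": "10000"},
)

def demo() -> dict:
    return {
        "referer_accepts_forged": transfer_allowed(VICTIM_SESSION, *FORGED_REQUEST, use_token=False),
        "token_accepts_forged": transfer_allowed(VICTIM_SESSION, *FORGED_REQUEST, use_token=True),
        "referer_accepts_legit": transfer_allowed(VICTIM_SESSION, *LEGIT_REQUEST, use_token=False),
        "token_accepts_legit": transfer_allowed(VICTIM_SESSION, *LEGIT_REQUEST, use_token=True),
    }
```

The Referer policy cannot tell the two requests apart, while the token policy rejects the forged one regardless of what the header says.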

Posted by gfleischer on 2007/11/26 at 21:51 in Vulnerabilities
