Mozilla Firefox window.location Referer Spoofing
November 26th, 2007
Firefox 2.0.0.10 has been released.
Included in the update is a fix for the window.location race condition security vulnerability that I discovered. By abusing the race condition, it is possible to spoof the value of the HTTP Referer header that Firefox sends with a request. This is a pretty powerful technique when performing cross-site request forgery (CSRF), because many sites reject cross-site requests simply by checking that the Referer names their own origin. The only challenge is that an alert, confirm or prompt modal dialog needs to be displayed for the race condition to be exploitable. That is where some social engineering skills may come in handy.
Posted by gfleischer on 2007/11/26 at 21:51 in Vulnerabilities