Another Firefox Focus File Stealing Bug

November 20th, 2007

Well, another Firefox focus file stealing bug has been reported. Let's see. That took a little over a month since the problem was supposedly resolved in Firefox 2.0.0.8.

Originally reported to Bugzilla by "tha featurizer" based on http://www.0x000000.com/index.php?i=479.

Firefox 3 can't come soon enough. The focus issue should finally be resolved given that the text entry box on the File input element is no longer accessible. That is probably less than desirable from a usability perspective, but I think the security implications definitely override any usability concerns.

I've submitted a sample exploit to Bugzilla. Once the exploit is made public I'll post an online version.

Posted by gfleischer on 2007/11/20 at 00:13 in Vulnerabilities
Home
Subscribe
RSS 2.0
Quick Links
Content
Info
Categories
Archives
Sitemap
Valid XHTML 1.0 Transitional Valid CSS!