Next Page >>
WWW browser
1. XSS 1
A HTTP GET request against the following URL will, on a web browser
with Javascript support, cause a dialog box saying '1' to be displayed:
http://CACTIHOST/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility:hidden%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cx%20y=%27
This vulnerability is only exploitable if the victim is allowed to view
From your paper:
>>It is noteworthy that it has taken 19 months since the initial general
availability of IE7 (public release October 2006) to reach 52.5%
proliferation amongst users that navigate the Internet with Microsoft's
Web browser. Meanwhile, 92.2% of Firefox users have migrated to FF2.
Could this be due to the fact that Mozilla stops supporting, and issuing
updates for old versions just a few months after the release of a new
one?
Hi List,
For the last 18 month we analyzed the daily USER-AGENT data collected by
Google's Web search and application servers around the world to study how users
patch and update their Web browsers.
We came out that approximately 637 million (or 45.2 percent) users currently
surf the Web on a daily basis with an out-of-date browser – i.e. not running a
current, fully patched Web browser version.
A reply from Robert Hensing at Microsoft
(http://blogs.technet.com/robert_hensing/archive/2008/07/01/vulnerable-w
eb-browser-study-full-of-fail.aspx) says that your study did not include
minor version information for Internet Explorer, probably because such
information is not reported in the user-agent string. But fully-patched
copies of IE5 and IE6 are not insecure in the same way as an unsupported
version; Microsoft is still supporting them.
So is it true that your study calls anyone running IE7 secure, and
anyone running IE5 or IE6 insecure, regardless of their patch levels?
> From your paper:
>
>>>It is noteworthy that it has taken 19 months since the initial general
> availability of IE7 (public release October 2006) to reach 52.5%
> proliferation amongst users that navigate the Internet with Microsoft's
> Web browser. Meanwhile, 92.2% of Firefox users have migrated to FF2.
>
> Could this be due to the fact that Mozilla stops supporting, and issuing
> updates for old versions just a few months after the release of a new
> one?
- Hijack user accounts by stealing the victim's cookies that are
assigned to the victim's browser by the vulnerable website
- Hijack user accounts by injecting a "fake" html form on the html
rendered by the victim's web browser
- Redirect the victim to a malicious third-party website which would
perform a phishing attack to steal the user credentials or exploit a
vulnerability (i.e.: buffer overflow) on the victim's web browser in
order to compromise the victim's workstation
* XHR (XMLHttpRequest) as a vector for mail merging or wordlist attacks in
XPS/IPE attacks
We're going to show you how these two methods combine like Voltron into a whole
much larger than its parts. At the end of this short advisory you will be able
to take any Safari web browser and make it a spam drone, a wordlist-based logon
cracker for networks, or a relay for payloads to arbitrary daemons. You will be
able to do all of this without passing any shellcode or alerting any IDS to
compromise.
Let's cover the bug.
http://www.scip.ch/?vuldb.4020
I. INTRODUCTION
Check Point Connectra is a so-called SSL-VPN solution, which allows
users to access a remote system using a regular web browser.
More information is available on the official product web site at the
following URL[1]:
http://www.checkpoint.com/products/connectra/index.html
QuickTime is prone to a heap overflow vulnerability when parsing
malformed Panorama Sample Atoms, which are used in QuickTime Virtual
Reality
Movies. This Vulnerability allows attackers to execute code on
vulnerable installations. Successful exploitation via Web Browser
requires that the
attacker should trick the user into visiting a specially crafted webpage.
Affected versions :
======================================================================
Flock web browser v2.5.6 (Remote Memory Corrupt) Crash Exploit
======================================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
- Gallery -- begins to scan all images in phone memory and card, and
crashes soon, obviously when it encounters nokiacrash.jpg. So, just
putting this file anywhere in the filesystem is Gallery DoS.
- Web Browser -- does nothing when typing file:///E:/nokiacrash.jpg, but
crashes upon <IMG SRC=nokiacrash.jpg> in HTML file (of course,
Settings->Page->Load Content have to be set to "Images" or "All",
otherwise IMG tags are skipped).
_________________________________________
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: Chrome Password Manager Cross Origin Weakness
Release Date: 2010-02-15
Application: Google Chrome Web Browser
Versions: 4.0.249.78, 3.0.195.38, and likely earlier
Severity: Medium/Low
Author: Timothy D. Morgan <tmorgan (a) vsecurity . com>
Vendor Status: Update Released [2]
CVE Candidate: CVE-2010-0556
III. ANALYSIS
Successful exploitation allows an attacker to execute arbitrary code in
the context of the current user. Social engineering is required, as an
attacker must trick a user into viewing an image in the Web Browser,
viewing an e-mail with embedded image, opening an office file with
embbeded image, or downloading an image file and opening it within a
graphics rendering program.
IV. DETECTION
Novell iManager is a Web-based administration console that provides
customized secure access to network administration utilities and
content from any location in the world. With iManager you can manage
Novell Open Enterprise Server, Novell Identity Manager, Novell
eDirectory and many other Novell and third-party services from a web
browser. Novell iManager is prone to a stack-based buffer overflow
vulnerability that can be exploited by authenticated users to execute
arbitrary code, and to an off-by-one error that can be abused by
remote, unauthenticated attackers to cause a Denial of Service to the
application.
# W3C Amaya 10.1 Web Browser
#
# Amaya (URL Bar) Remote Stack Overflow Vulnerability
#
# Written and discovered by:
# r0ut3r (writ3r [at] gmail.com / www.bmgsec.com.au)
#
# Advisory: http://www.bmgsec.com.au/advisory/40/
# ------------------------------------------------------
#
# W3C Amaya 10.1 Web Browser
#
# Amaya (id) Remote Stack Overflow Vulnerability
#
# Written and discovered by:
# r0ut3r (writ3r [at] gmail.com / www.bmgsec.com.au)
#
# Advisory: http://www.bmgsec.com.au/advisory/41/
# ------------------------------------------------------
#
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 09, 2008
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, please the visit following
website: http://www.microsoft.com/ie/
II. DESCRIPTION
The tested device has the following User-Agent:
Mozilla/5.0 (SymbianOS/9.2;U;Series60/3.1 NokiaE90-1/210.34.75
Profile/MIDP-2.0 Configuration/CLDC-1.1) AppleWebKit/413 (KHTML)
Safari/413
Note: Although the Nokia Web Browser is built upon a port of the
open source WebKit used by Apple for its browser, the iPhone is not
affected (at least the iPhone firmware version 2.0.2(5C1))
====================================================
2) Severity
The WebKit application framework is included to facilitate development
of web client application functionality. The framework in turn uses
different third-party open source libraries to implement processing of
several image formats.
Android includes a web browser based on the Webkit framework that
contains multiple binary vulnerabilities when processing .GIF, .PNG and
.BMP image files, allowing malicious client-side attacks on the web
browser. A client-side attack could be launched from a malicious web
site, hosting specially crafted content, with the possibility of
executing arbitrary code on the victim's Android system.
Method 1:
The updates are available for download using the following procedures:
1. Open a web browser and visit http://www.hp.com
2. In the Search field, type the applicable SoftPaq number from the list below. Start the search.
3. Select an item from the search results.
Method 1:
The updates are available for download using the following procedures:
1. Open a web browser and visit http://www.hp.com
2. In the Search field, type the applicable SoftPaq number from the list below. Start the search.
3. Select an item from the search results.
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 12, 2008
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, visit following URL.
http://www.microsoft.com/ie/
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 11, 2007
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. and included as part of Microsoft Windows since 1995. The
setExpression method is commonly used to assign a JavaScript expression
to a CSS or DHTML object within a web page. For more information, visit
the following URLs.
I'll demonstrate how to get administrator rights even
if the victim has a protection against XSS (NoScript
Firefox plugin for example). First, the attacker will
fix the victim's session id by setting a cookie to
the victim. Then he'll also force the victim's web
browser to establish a connexion to a script that
will get the victim's IP. Take a look at this schema:
+----------------------------------------------------------+
| The attacker post a comment using the XSS vulnerability. |
| The code which will be executed on the client browser |
> "[..]it's counterproductive to bash Firefox.[..]"
I have no intension of bashing Firefox. However, in
my opinion, such link obfuscation touches effectively
every man in the street, and a web browser should tackle
a problem in a different way. (differnt treatment of
misguiding URL elements, problem of direct linking, etc.)
[MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service
Details
============
Product: Apple Safari Webbrowser
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.apple.com/safari/
Vendor-Status: informed
Advisory-Status: published on 02-02-2010
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 30, 2010
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, please the visit following
website:
http://www.microsoft.com/ie/
Greetz to Neel, Mark, Redpig, Spoonm, Skylined, asiraP, LiquidK, ScaryBeasts,
Hawkes, Jagger, and all my other pimp colleagues.
Special thanks to lcamtuf for his assistance with the deferred execution
problem. You should read his Browser Security Handbook if you need to
understand how web browser security /really/ works.
http://code.google.com/p/browsersec/wiki/Main
A colleague is organising a conference in Lucerne, Switzerland. He would really
appreciate interesting papers from security people who want to talk about
Original URL:
http://securityreason.com/achievement_securityalert/76
- --- 0.Description ---
Camino (from the Spanish word camino meaning "way", "path" or "road") is a free, open source, GUI-based Web browser based on Mozilla's Gecko layout engine and specifically designed for the Mac OS X operating system. In place of an XUL-based user interface used by most Mozilla-based applications, Camino uses Mac-native Cocoa APIs, although it does not use native text boxes.
- --- 1. Camino 1.6.10 Remote Array Overrun (Arbitrary code execution) ---
The main problem exist in dtoa implementation. Camino has the same dtoa as Firefox, SeaMonkey, Chrome, Opera etc.
and it is the same like SREASONRES:20090625.
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 28, 2009
I. BACKGROUND
Firefox is the Mozilla Foundation's open source internet web browser.
Among the browser's capabilities is the display of GIF images. GIF is a
widely used image format with features such as loss-less compression,
animation and color palettes. For more information, visit the URLs
shown below.
Next Page>>
|
