
[CVE-2018-5182] Local file can be displayed from hyperlink dragged and dropped on Addressbar

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5182
Announced: May 9, 2018
Reporter: Jordi Chancel
Impact: Low
Products: Firefox
Fixed in: Firefox 60
Description: If a text string that happens to be a filename in the operating system’s native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen

[CVE-2017-7834] Data: URLs opened in new tabs bypass CSP protections

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7834
Announced: November 14, 2017
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox
Fixed in: Firefox 57
Description: A data: URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when data: documents also inherited the context of the

[CVE-2017-7770] Addressbar spoofing with JavaScript events and fullscreen mode on Firefox for Android

https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7770
Announced: June 13, 2017
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox
Fixed in: Firefox 54
Description: Security researcher Jordi Chancel reported a mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to display a spoofed addressbar, showing the location of

[CVE-2017-5451] Addressbar spoofing with onblur event

https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5451
Announced: April 19, 2017
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox
Fixed in: Firefox 53
Description: Security researcher Jordi Chancel reported a mechanism to spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded

[CVE-2017-5452] Addressbar spoofing during scrolling with editable content on Firefox for Android

https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5452
Announced: April 19, 2017
Reporter: Jordi Chancel
Impact: Low
Products: Firefox
Fixed in: Firefox 53
Description: Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android.

[CVE-2017-5041] Google Chrome Location Bar URL & SSL Spoofing in Omnibox

Address spoofing in Omnibox (URL & SSL Spoofing)
Announced: March 9, 2017
Reporter: Jordi Chancel
Impact: Moderate
Products: Google Chrome
Fixed in: Google Chrome 57.0.2987.98
Description: Google Chrome before 57.0.2987.98 does not properly handle ********, which allows remote attackers to spoof the Location Bar (URL and SSL indicator) via unspecified vectors. Note: This issue also affects Google Chrome for iOS.
Vulnerability demonstration (video):

[CVE-2017-5394] Android location bar spoofing using fullscreen and JavaScript events

Announced: January 24, 2017
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox
Fixed in: Firefox 51
Description: A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are

[CVE-2017-5395] Android location bar spoofing during scrolling

Announced: January 24, 2017
Reporter: Jordi Chancel
Impact: Low
Products: Firefox
Fixed in: Firefox 51
Description: Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are

[CVE-2016-5298] SSL indicator can mislead the user about the real URL visited

Announced: November 15, 2016
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox
Fixed in: Firefox 50
Description: Security researcher Jordi Chancel reported a mechanism where disruption of the loading of a new web page can cause the previous page’s favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox

[CVE-2016-2822] Addressbar spoofing through the SELECT element

Announced: June 7, 2016
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox, Firefox ESR
Fixed in: Firefox 47, Firefox ESR 45.2
Description: Security researcher Jordi Chancel reported a method to spoof the contents of the addressbar. This uses a persistent menu within a <select> element, which acts as a container for HTML content and can be placed in an arbitrary location. When placed over

[CVE-2016-1967] Same-origin policy violation using performance.getEntries and history navigation with session restore

Announced: March 8, 2016
Reporter: Jordi Chancel
Impact: High
Products: Firefox
Fixed in: Firefox 45
Description: Security researcher Jordi Chancel discovered a variant of Mozilla Foundation Security Advisory 2015-136 which was fixed in Firefox 43. In the original bug, it was possible to read cross-origin URLs following a redirect if performance.getEntries() was used along with an iframe to host

[CVE-2016-1941] Delay following click events in file download dialog too short on OS X

Announced: January 26, 2016
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox
Fixed in: Firefox 44
Description: Security researcher Jordi Chancel reported an issue on OS X where the delay between the download dialog getting focus and the button getting enabled was too short. If an attacker is able to induce the user to double-click in a specific

[CVE-2016-1943] Location Bar Spoofing Risk – scrollto leads to that the location bar is hidden

Announced: January 26, 2016
Reporter: Jordi Chancel
Impact: High
Products: Firefox
Fixed in: Firefox 44
Description: Security researcher Jordi Chancel reported two issues involving addressbar spoofing. The first of these is a "high" rated security issue on Firefox for Android involving the scrollTo() method to scroll a page. In this attack, scrollTo() is used to

[CVE-2016-1942] Location bar continues displaying wyciwyg URI and resource URI if user tries to navigate to it manually

Announced: January 26, 2016
Reporter: Jordi Chancel
Impact: Low
Products: Firefox
Fixed in: Firefox 44
Description: Security researcher Jordi Chancel reported two issues involving addressbar spoofing. The second flaw is a "low" rated security issue affecting Desktop Firefox. In this attack, when a URL which is invalid for an internal protocol is pasted

[CVE-2015-7186] Reading sensitive profile files through local HTML file on Android

Announced: November 3, 2015
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox
Fixed in: Firefox 42
Description: Security researcher Jordi Chancel reported an issue in Firefox for Android where a locally saved HTML file could use file: URIs to trigger the download of additional files or opening of cached profile data without user awareness. This issue only affects Firefox for Android.

[CVE-2015-7185] Firefox for Android addressbar can be removed after fullscreen mode

Announced: November 3, 2015
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox
Fixed in: Firefox 42
Description: Security researcher Jordi Chancel reported that when Firefox for Android exits fullscreen mode, it can be induced through script to not restore the addressbar when the window is redrawn in normal mode. This could allow an attacker to spoof the addressbar with their own content.

[CVE-2015-4476] Site attribute spoofing on Android by pasting URL with unknown scheme

Announced: September 22, 2015
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox
Fixed in: Firefox 41
Description: Security researcher Jordi Chancel reported that on Firefox for Android, when a URL is pasted with an unknown protocol, such as secure: or httpz:, the pasted URL is shown in the addressbar but no navigation occurs. Other addressbar attributes present before this pasted URL is

[CVE-2015-0810] Cursor clickjacking with flash and images

Introduction: Here is yet another CursorJacking vulnerability in the Mozilla Firefox web browser, exploitable on Mac OS X. Like vulnerability CVE-2014-1539 (Mozilla Foundation Security Advisory 2014-50, "Clickjacking through cursor invisibility after Flash interaction"), this vulnerability also makes it possible to run malware through the silent execution of an XPI add-on, or to take control of the webcam and microphone.

Discovery of the vulnerability: