Jordi Chancel Research & Analysis Blog

Recherche et Exploitation de Vulnérabilités des Navigateurs Web

• Recherche en vulnérabilité informatique

[CVE-2011-2845] URL bar spoof in history handling (URL & SSL indicator Spoofing)

25 octobre 2011 admin Non classé Commentaires fermés sur [CVE-2011-2845] URL bar spoof in history handling (URL & SSL indicator Spoofing)

---

Titre: Google Chrome URL bar spoof in history handling (URL & SSL indicator Spoofing)

---

CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2845

---

Author: Security researcher Jordi Chancel

---

UPDATE Link: http://googlechromereleases.blogspot.fr/2011/10/chrome-stable-release.html

---

Description:

Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.

---

• Vidéo de démonstration :

Location Bar Spoofing Vulnerability with URL & SSL indicator Spoofing.

---

-Security Researcher Jordi Chancel

Comments are closed.

• Rechercher :

• Articles récents

  • [CVE-2017-7770] Addressbar spoofing with JavaScript events and fullscreen mode on Firefox for Android
  • [CVE-2017-5451] Addressbar spoofing with onblur event
  • [CVE-2017-5452] Addressbar spoofing during scrolling with editable content on Firefox for Android
  • [CVE-2017-5041] Google Chrome Location Bar URL & SSL Spoofing in Omnibox
  • [CVE-2017-5394] Android location bar spoofing using fullscreen and JavaScript events
  • [CVE-2017-5395] Android location bar spoofing during scrolling
  • [CVE-2016-5298] SSL indicator can mislead the user about the real URL visited
  • [CVE-2016-2822] Addressbar spoofing though the SELECT element
  • [CVE-2016-1967] Same-origin policy violation using perfomance.getEntries and history navigation with session restore
  • [CVE-2016-1941] Delay following click events in file download dialog too short on OS X
  • [CVE-2016-1943] Location Bar Spoofing Risk – scrollto leads to that the location bar is hidden
  • [CVE-2016-1942] Location bar continues displaying wyciwyg URI and resource URI if user tries to navigate to it manually
  • [CVE 2015-7186] Reading sensitive profile files through local HTML file on Android
  • [CVE 2015-7185] Firefox for Android addressbar can be removed after fullscreen mode
  • [CVE 2015-4476] Site attribute spoofing on Android by pasting URL with unknown scheme
  • [CVE 2015-0810] Cursor clickjacking with flash and images
  • [CVE 2014-1539] Clickjacking through cursor invisibility after Flash interaction
  • [Opera Security Advisory DNA-19280] Address bar spoofing with Data URIs
  • [Opera Security Advisory DNA-18345] Address bar spoofing with downloads
  • [CVE 2014-1480] UI selection timeout missing on download prompts
  • [CVE-2014-1870] Address bar spoofing on Mac platform with drag and drop
  • [CVE 2013-5593] Spoofing addressbar though SELECT element
  • [CVE 2012-4200] Location Bar URL and SSL Spoofing
  • [CVE 2012-3984] SELECT element persistance allows for attacks
  • [CVE-2012-6460] Truncated dialogs may be used to trick users
  • [CVE-2012-4143] Small windows can be used in several ways to trick users into executing downloads
  • [CVE-2012-3558] Carefully timed reloads, redirects, and navigation can spoof the address field
  • [CVE-2012-3556] A combination of clicks and key presses can lead to cross site scripting or code execution
  • [CVE-2012-3555] Hidden keyboard navigation can allow cross site scripting or code execution
  • [CVE 2012-0474] Page load short-circuit can lead to XSS
  • [CVE-2012-1925] Overlapping content can trick users into executing downloads
  • [CVE-2012-1924] Small windows can be used to trick users into executing downloads
  • [CVE-2012-1928] Carefully timed reloads and redirects can spoof the address field
  • [CVE-2011-2845] URL bar spoof in history handling (URL & SSL indicator Spoofing)
  • [CVE-2011-3875] URL bar spoof with drag+drop of URLs
  • [CVE-2011-2848] URL bar spoof with forward button / Possible URL Bar Spoofing when history.forward() is ignored using forward button
  • [CVE 2011-2377] Memory corruption due to multipart/x-mixed-replace images
  • [CVE-2011-1452] URL bar spoof with redirect and manual reload / URL Bar Spoofing using redirection and location.reload()
  • [CVE 2011-0061] Buffer OverFlow/Crash caused by corrupted JPEG image
  • [CVE-2011-1107] Google Chrome Location Bar URL/SSL Spoofing And Login/Password stealing
  • [CVE-2011-0682] Large form inputs can allow execution of arbitrary code
  • [CVE 2010-4045] Opera 10.62 Reloads and redirects can allow spoofing, universal cross site scripting and Command/code Execution
  • [CVE 2010-2751] SSL spoofing with history.back() and history.forward()
  • [CVE-2010-1663] Google Chrome Cross Origin Bypass in Google URL (GURL)
  • [CVE 2009-3985] URL spoofing via invalid document.location

• Commentaires récents

  • Maor Shwartz dans Recherche en vulnérabilité informatique

• Archives

  • juin 2017
  • avril 2017
  • mars 2017
  • janvier 2017
  • novembre 2016
  • juin 2016
  • mars 2016
  • janvier 2016
  • novembre 2015
  • septembre 2015
  • mars 2015
  • juin 2014
  • mai 2014
  • février 2014
  • janvier 2014
  • octobre 2013
  • novembre 2012
  • octobre 2012
  • août 2012
  • juin 2012
  • avril 2012
  • mars 2012
  • octobre 2011
  • septembre 2011
  • juin 2011
  • avril 2011
  • mars 2011
  • février 2011
  • janvier 2011
  • octobre 2010
  • juillet 2010
  • avril 2010
  • décembre 2009

• Catégories

  • Non classé

• Méta

  • Connexion
  • Flux RSS des articles
  • RSS des commentaires
  • Site de WordPress-FR