Jordi Chancel Security Research Blog

Recherche et Exploitation de Vulnérabilités des Navigateurs Web

Articles récents

Similar vulerability in Firefox 51.0.1 fixed in Firefox 52 than CVE-2017-5387 Ability to determine the existence of a file in the local filesystem using tag with onerror event
[CVE-2018-12382] Addressbar spoofing with javascript URI on Firefox for Android
[CVE-2018-5182] Local file can be displayed from hyperlink dragged and dropped on Addressbar
[CVE-2017-7834] Data: URLs opened in new tabs bypass CSP protections
[CVE-2017-7770] Addressbar spoofing with JavaScript events and fullscreen mode on Firefox for Android
[CVE-2017-5451] Addressbar spoofing with onblur event
[CVE-2017-5452] Addressbar spoofing during scrolling with editable content on Firefox for Android
[CVE-2017-5041] Google Chrome Location Bar URL & SSL Spoofing in Omnibox
[CVE-2017-5394] Android location bar spoofing using fullscreen and JavaScript events
[CVE-2017-5395] Android location bar spoofing during scrolling
[CVE-2016-5298] SSL indicator can mislead the user about the real URL visited
[CVE-2016-2822] Addressbar spoofing though the SELECT element
[CVE-2016-1967] Same-origin policy violation using perfomance.getEntries and history navigation with session restore
[CVE-2016-1941] Delay following click events in file download dialog too short on OS X
[CVE-2016-1943] Location Bar Spoofing Risk – scrollto leads to that the location bar is hidden
[CVE-2016-1942] Location bar continues displaying wyciwyg URI and resource URI if user tries to navigate to it manually
[CVE 2015-7186] Reading sensitive profile files through local HTML file on Android
[CVE 2015-7185] Firefox for Android addressbar can be removed after fullscreen mode
[CVE 2015-4476] Site attribute spoofing on Android by pasting URL with unknown scheme
[CVE 2015-0810] Cursor clickjacking with flash and images
[CVE 2014-1539] Clickjacking through cursor invisibility after Flash interaction
[Opera Security Advisory DNA-19280] Address bar spoofing with Data URIs
[Opera Security Advisory DNA-18354] Address bar spoofing with downloads
[CVE 2014-1480] UI selection timeout missing on download prompts
[CVE-2014-1870] Address bar spoofing on Mac platform with drag and drop
[CVE 2013-5593] Spoofing addressbar though SELECT element
[CVE 2012-4200] Location Bar URL and SSL Spoofing
[CVE 2012-3984] SELECT element persistance allows for attacks
[CVE-2012-6460] Truncated dialogs may be used to trick users
[CVE-2012-4143] Small windows can be used in several ways to trick users into executing downloads
[CVE-2012-3558] Carefully timed reloads, redirects, and navigation can spoof the address field
[CVE-2012-3556] A combination of clicks and key presses can lead to cross site scripting or code execution
[CVE-2012-3555] Hidden keyboard navigation can allow cross site scripting or code execution
[CVE 2012-0474] Page load short-circuit can lead to XSS
[CVE-2012-1925] Overlapping content can trick users into executing downloads
[CVE-2012-1924] Small windows can be used to trick users into executing downloads
[CVE-2012-1928] Carefully timed reloads and redirects can spoof the address field
[CVE-2011-2845] URL bar spoof in history handling (URL & SSL indicator Spoofing)
[CVE-2011-3875] URL bar spoof with drag+drop of URLs
[CVE-2011-2848] URL bar spoof with forward button / Possible URL Bar Spoofing when history.forward() is ignored using forward button
[CVE 2011-2377] Memory corruption due to multipart/x-mixed-replace images
[CVE-2011-1452] URL bar spoof with redirect and manual reload / URL Bar Spoofing using redirection and location.reload()
[CVE 2011-0061] Buffer OverFlow/Crash caused by corrupted JPEG image
[CVE-2011-1107] Google Chrome Location Bar URL/SSL Spoofing And Login/Password stealing
[CVE-2011-0682] Large form inputs can allow execution of arbitrary code
[CVE 2010-4045] Opera 10.62 Reloads and redirects can allow spoofing, universal cross site scripting and Command/code Execution
[CVE 2010-2751] SSL spoofing with history.back() and history.forward()
[CVE-2010-1663] Google Chrome Cross Origin Bypass in Google URL (GURL)
[CVE 2009-3985] URL spoofing via invalid document.location

Commentaires récents

Maor Shwartz dans Recherche en vulnérabilité informatique

Catégories

Non classé

Méta

[CVE-2011-2845] URL bar spoof in history handling (URL & SSL indicator Spoofing)

Titre: Google Chrome URL bar spoof in history handling (URL & SSL indicator Spoofing)

CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2845

Author: Security researcher Jordi Chancel

UPDATE Link: http://googlechromereleases.blogspot.fr/2011/10/chrome-stable-release.html

Description:

Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.

Vidéo de démonstration :

Location Bar Spoofing Vulnerability with URL & SSL indicator Spoofing.

-Security Researcher Jordi Chancel