[CVE 2015-7185] Firefox for Android addressbar can be removed after fullscreen mode

Firefox for Android addressbar can be removed after fullscreen mode Announced: November 3, 2015 Reporter: Jordi Chancel Impact: Moderate Products: Firefox Fixed in: Firefox 42 Description Security researcher Jordi Chancel reported that when Firefox for Android exits fullscreen mode, it can be induced through script to not restore the addressbar when the window is redrawn in normal mode. This could allow an attacker to spoof the addressbar with their own content.

[CVE 2015-4476] Site attribute spoofing on Android by pasting URL with unknown scheme

Site attribute spoofing on Android by pasting URL with unknown scheme Announced: September 22, 2015 Reporter: Jordi Chancel Impact: Moderate Products: Firefox Fixed in: Firefox 41 Description Security researcher Jordi Chancel reported that on Firefox for Android, when a URL is pasted with an unknown protocol, such as secure: or httpz:, the pasted URL is shown in the addressbar but no navigation occurs. Other addressbar attributes present before this pasted URL is

[CVE 2015-0810] Cursor clickjacking with flash and images

Introduction: Here is yet another CursorJacking vulnerability in the Mozilla Firefox web browser, exploitable on Mac OS X. Like vulnerability CVE-2014-1539 (Mozilla Foundation Security Advisory 2014-50, Clickjacking through cursor invisibility after Flash interaction), this vulnerability also allows malware to be executed through the silent execution of an XPI add-on, or control of the webcam and microphone to be taken. Discovery of the vulnerability:

[CVE 2014-1539] Clickjacking through cursor invisibility after Flash interaction

Introduction: In the Mozilla Firefox 30 update, my CursorJacking/ClickJacking vulnerability was fixed with an impact rated High (sec-high). According to the demonstrations I developed, this vulnerability first makes it possible to render the cursor invisible and to deceive the user by setting up a fake cursor that moves in parallel with the real cursor, with an offset between them, which therefore makes it possible

[Opera Security Advisory DNA-19280] Address bar spoofing with Data URIs

Advisory: Address bar spoofing with Data URIs UPDATE Link: http://www.opera.com/blogs/security/2014/05/security-changes-opera-21/ Announced: May 6, 2014 Reporter: Security researcher Jordi Chancel Impact: Low Products: Opera Fixed in: Opera 21 Description When a user chooses to open a link in a new tab, this should still display the address as normal. However, with Data URIs, Opera would accidentally right-align the address field, showing the wrong end of the address. Again, this could allow

[Opera Security Advisory DNA-18354] Address bar spoofing with downloads

Advisory: Address bar spoofing with downloads UPDATE Link: http://www.opera.com/blogs/security/2014/05/security-changes-opera-21/ Announced: May 6, 2014 Reporter: Security researcher Jordi Chancel Impact: Low Products: Opera Fixed in: Opera 21 Description This unrelated bug only occurred when the user dragged and dropped a URL into the address bar, which started a download. The address bar would then be right aligned, showing the wrong end of the address. This could allow a specially crafted URL

[CVE 2014-1480] UI selection timeout missing on download prompts

Introduction: The update of the Mozilla Firefox web browser to version 27 fixed a vulnerability that I had recently reported, which allowed ClickJacking attacks against the file execution and download dialog box. With this vulnerability it is therefore possible to execute potentially dangerous files after they are downloaded, via a ClickJacking attack. Conclusion / Additional details: On Mac OS X

[CVE-2014-1870] Address bar spoofing on Mac platform with drag and drop

Advisory: Address bar spoofing on Mac platform with drag and drop CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1870 UPDATE Link: http://www.opera.com/blogs/security/2014/01/security-changes-features-opera-19/ Announced: January 31, 2014 Reporter: Security researcher Jordi Chancel Impact: Low Products: Opera Fixed in: Opera 19 Description Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation. Opera’s Response Opera Software has released Opera 19, where this issue has been fixed.

[CVE 2013-5593] Spoofing addressbar though SELECT element

Introduction: Here is a vulnerability combining ClickJacking and Location Bar Spoofing. In my research following the fix of an older vulnerability that I had reported in the Mozilla Firefox browser (MFSA 2012-75), I looked into the fact that the <select> element could probably be used to carry out attacks spoofing the URL and the secure connection indicator, and at the same time to demonstrate that it would then be possible to successfully carry out

[CVE 2012-4200] Location Bar URL and SSL Spoofing

Introduction: In my vulnerability research on web browsers, I have found multiple spoofing issues of the "Location Bar Spoofing" type, some of which have a high or even critical overall impact for the most dangerous ones, while others remain moderate or even low. This spoofing issue, discovered during my research on the Mozilla Firefox web browser, has a high impact because it requires only minimal interaction

[CVE 2012-3984] SELECT element persistance allows for attacks

Introduction: In this article I will give some details about a critical ClickJacking vulnerability that I discovered in the Mozilla Firefox web browser, which allowed the execution of an add-on capable of taking control of the vulnerable machine by means of the <select> element, by making this element cover certain parts of the malicious add-on's installation dialog box. A. The vulnerability in question allowed, in

[CVE-2012-6460] Truncated dialogs may be used to trick users

Advisory: Truncated dialogs may be used to trick users CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6460 UPDATE Link: http://www.opera.com/fr/security/advisory/1028 Announced: August 27, 2012 Reporter: Security researcher Jordi Chancel Impact: Low Products: Opera Fixed in: Opera 12.02 and Opera 11.67 Description When an important dialog is being displayed, such as a download dialog, the entire dialog should be visible, so that the user can clearly see what the dialog’s buttons will do. In some cases, specific

[CVE-2012-4143] Small windows can be used in several ways to trick users into executing downloads

Advisory: Small windows can be used in several ways to trick users into executing downloads CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4143 UPDATE Link: http://www.opera.com/fr/security/advisory/1027 Announced: August 1, 2012 Reporter: Security researcher Jordi Chancel Impact: High Products: Opera Fixed in: Opera 12.01 and Opera 11.66 Description When the download dialog is displayed, it should always be visible to the user, to ensure that the user realizes it is there. If the dialog is displayed in

[CVE-2012-3558] Carefully timed reloads, redirects, and navigation can spoof the address field

Advisory: Carefully timed reloads, redirects, and navigation can spoof the address field CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3558 UPDATE Link: http://www.opera.com/fr/security/advisory/1018 Announced: June 12, 2012 Reporter: Security researcher Jordi Chancel Impact: Low Products: Opera Fixed in: Opera 12 and Opera 11.65 Description The address field should always show the address of the page that is being displayed. Certain types of navigation, combined with reloads and redirects to a slowly-responding target site can cause the

[CVE-2012-3556] A combination of clicks and key presses can lead to cross site scripting or code execution

Advisory: A combination of clicks and key presses can lead to cross site scripting or code execution CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3556 UPDATE Link: http://www.opera.com/fr/security/advisory/1020 Announced: June 12, 2012 Reporter: Security researcher Jordi Chancel Impact: Moderate Products: Opera Fixed in: Opera 12 and Opera 11.65 Description When a user double clicks on a page, they may expect the two clicks to target the same object. If a page uses the first click to

[CVE-2012-3555] Hidden keyboard navigation can allow cross site scripting or code execution

Advisory: Hidden keyboard navigation can allow cross site scripting or code execution CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3555 UPDATE Link: http://www.opera.com/fr/security/advisory/1021 Announced: June 12, 2012 Reporter: Security researcher Jordi Chancel Impact: Moderate Products: Opera Fixed in: Opera 12 and Opera 11.65 Description When a user is interacting with a window, that window should be visible to the user, to ensure that the user realizes it is there. If a page is displayed in a

[CVE 2012-0474] Page load short-circuit can lead to XSS

Introduction: Location bar spoofing poses a real danger, especially when it makes it possible to spoof both the URL and the secure connection indicator. This vulnerability, which I reported, nevertheless has other possibilities, as Chris McGowen demonstrated by reporting a variant of it that allows JavaScript code to be executed on a targeted domain. Some details: The vulnerability in question relies on certain JavaScript functions

[CVE-2012-1925] Overlapping content can trick users into executing downloads

Advisory: Overlapping content can trick users into executing downloads CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1925 UPDATE Link: http://www.opera.com/fr/security/advisory/1011 Announced: March 26, 2012 Reporter: Security researcher Jordi Chancel Impact: High Products: Opera Fixed in: Opera 11.62 Description Dialogs such as the download dialog are usually displayed on top of page content, to ensure that the user knows that the dialog is requesting attention. In some cases, this policy was not implemented correctly in Opera, allowing