[CVE-2012-1924] Small windows can be used to trick users into executing downloads

Advisory: Small windows can be used to trick users into executing downloads
CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1924
UPDATE Link: http://www.opera.com/fr/security/advisory/1010
Announced: March 26, 2012
Reporter: Security researcher Jordi Chancel
Impact: High
Products: Opera
Fixed in: Opera 11.62
Description
When the download dialog is displayed, it should always be visible to the user, to ensure that the user realizes it is there. If the dialog is displayed in a small enough window, the user

[CVE-2012-1928] Carefully timed reloads and redirects can spoof the address field

Advisory: Carefully timed reloads and redirects can spoof the address field
CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1928
UPDATE Link: http://www.opera.com/fr/security/advisory/1014
Announced: March 26, 2012
Reporter: Security researcher Jordi Chancel
Impact: Low
Products: Opera
Fixed in: Opera 11.62
Description
The address field should always show the address of the page that is being displayed. In certain cases, if a target site responds slowly, reloading an attacking page and redirecting to the target page can cause

[CVE-2011-2845] URL bar spoof in history handling (URL & SSL indicator Spoofing)

Title: Google Chrome URL bar spoof in history handling (URL & SSL indicator Spoofing)
CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2845
Author: Security researcher Jordi Chancel
UPDATE Link: http://googlechromereleases.blogspot.fr/2011/10/chrome-stable-release.html
Description: Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.
Demonstration video: Location Bar Spoofing Vulnerability with URL & SSL indicator Spoofing. -Security Researcher Jordi Chancel

[CVE-2011-3875] URL bar spoof with drag+drop of URLs

Title: Google Chrome Location Bar Spoofing using a very long string as a web address in the location bar / URL bar spoof with drag+drop of URLs
CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3875
Author: Security researcher Jordi Chancel
UPDATE Link: http://googlechromereleases.blogspot.fr/2011/10/chrome-stable-release.html
Description: Google Chrome before 15.0.874.102 does not properly handle drag and drop operations on URL strings, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.
Demonstration video: Example video:

[CVE-2011-2848] URL bar spoof with forward button / Possible URL Bar Spoofing when history.forward() is ignored using forward button

Issue: URL bar spoof with forward button / Possible URL Bar Spoofing when history.forward() is ignored using forward button
CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2848
UPDATE Link: http://googlechromereleases.blogspot.fr/2011/09/stable-channel-update_16.html
Issue 89564: http://code.google.com/p/chromium/issues/detail?id=89564
Announced: September 16, 2011
Reporter: Security researcher Jordi Chancel
Impact: Moderate
Products: Google Chrome
Fixed in: Google Chrome 14.0.835.163
Description
Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to the forward button.
Report Description
In

[CVE 2011-2377] Memory corruption due to multipart/x-mixed-replace images

Memory corruption due to multipart/x-mixed-replace images
Announced: June 21, 2011
Reporter: Jordi Chancel
Impact: Critical
Products: Firefox, SeaMonkey, Thunderbird
Fixed in: Firefox 3.6.18 – Firefox 5 – SeaMonkey 2.2 – Thunderbird 3.1.11
Description
Security researcher Jordi Chancel reported a crash on multipart/x-mixed-replace images due to memory corruption.
CVE Description
Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a

[CVE-2011-1452] URL bar spoof with redirect and manual reload / URL Bar Spoofing using redirection and location.reload()

Issue: URL bar spoof with redirect and manual reload / URL Bar Spoofing using redirect and location.reload()
CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1452
UPDATE Link: http://googlechromereleases.blogspot.fr/2011/04/chrome-stable-update.html
Issue 77786: https://code.google.com/p/chromium/issues/detail?id=77786
Announced: April 27, 2011
Reporter: Security researcher Jordi Chancel
Impact: Moderate
Products: Google Chrome
Fixed in: Google Chrome 11.0.696.57
Description
Google Chrome before 11.0.696.57 allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload.
Report Description
Click

[CVE 2011-0061] Buffer Overflow/Crash caused by corrupted JPEG image

Crash caused by corrupted JPEG image
Announced: March 1, 2011
Reporter: Jordi Chancel
Impact: Critical
Products: Firefox, Thunderbird
Fixed in: Firefox 3.6.14 – Thunderbird 3.1.8
Description
Security researcher Jordi Chancel reported that a JPEG image could be constructed that would be decoded incorrectly, causing data to be written past the end of a buffer created to store the image. An attacker could potentially craft such an image that would cause

[CVE-2011-1107] Google Chrome Location Bar URL/SSL Spoofing And Login/Password stealing

Title: Google Chrome URL Bar Spoofing (can be used to steal logins and passwords saved in Google Chrome)
CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1107
Author: Security researcher Jordi Chancel
UPDATE Link: http://googlechromereleases.blogspot.fr/2011/02/stable-channel-update_28.html
Description: Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors.
Some demonstration videos: Location Bar Spoofing Vulnerability with Login and Password Stealing. Location Bar Spoofing Vulnerability And Possible JavaScript

[CVE-2011-0682] Large form inputs can allow execution of arbitrary code

Title: OPERA – Large form inputs can allow execution of arbitrary code
CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0682
Author: Security researcher Jordi Chancel
UPDATE Link: http://www.opera.com/fr/security/advisory/982
Description: When certain large form inputs appear on a web page, they can cause Opera to crash. In some cases, the crash can lead to memory corruption, which could be used to execute code. To inject code, additional techniques would have to be employed.
Opera’s response: Opera Software

[CVE 2010-4045] Opera 10.62 Reloads and redirects can allow spoofing, universal cross site scripting and Command/code Execution

Hello everyone. Now that our remote code execution vulnerability in OPERA 10.62 has been fixed for several versions, we can finally reveal some technical details about it. The bug in question uses the Cross domain scripting / Cross site scripting vulnerability in OPERA 10.62 discovered by Jordi Chancel in order to inject code into Opera's configuration (OPERA:CONFIG). Code injection into OPERA's configuration is

[CVE 2010-2751] SSL spoofing with history.back() and history.forward()

Advisory: Multiple location bar spoofing vulnerabilities
CVE 2010-2751: SSL spoofing with history.back() and history.forward()
Announced: July 20, 2010
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.5.11 – Firefox 3.6.7 – SeaMonkey 2.0.6
Description
Security researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server

[CVE-2010-1663] Google Chrome Cross Origin Bypass in Google URL (GURL)

https://googlechromereleases.blogspot.com/2010/04/stable-update-bug-and-security-fixes.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1663
Security researcher Jordi Chancel reported that the Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via CHARACTER TABULATION or other escape characters inside a javascript: protocol string.
Here is a new post about a critical vulnerability in the Google Chrome browser detected during my tests on 05/04/2010. Code execution on a remote domain can be performed

[CVE 2009-3985] URL spoofing via invalid document.location

Advisory: Location bar spoofing vulnerabilities
CVE 2010-2751: URL spoofing via invalid document.location
Announced: December 15, 2009
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.0.16 – Firefox 3.5.6 – SeaMonkey 2.0.1
Description
Security researcher Jordi Chancel reported an issue similar to one fixed in mfsa2009-44 in which a web page can set document.location to a URL that can’t be displayed properly and then inject content into the