Network Security: Detailed info on Re: [Full-disclosure] Firefox/MSIE focus stealing vulnerability

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

Re: [Full-disclosure] Firefox/MSIE focus stealing vulnerability - clarif

from [Marcello Barnaba] Network Security

[Permanent Link]

Subject:	Re: [Full-disclosure] Firefox/MSIE focus stealing vulnerability - clarification
Date:	Tue, 13 Feb 2007 06:04:09 +0100

Hi,

On Tuesday 13 February 2007 05:44, Tyop? wrote:

http://lcamtuf.coredump.cx/focusbug/index.html

Without JavaScript on, this doesn't work. See http://noscript.net/

Without a browser too, this doesn't work. See
http://netcat.sourceforge.net/


DONT TRY THIS AT HOME.

I started to mentally evaluate the lcamtuf code and had half myself injected 
and uploaded on Zalewski's host. I am writing this in an hope that he can 
send back a pcap dump or I could not be able to regain human form.

You have been warned.
-- 
pub 1024D/8D2787EF  723C 7CA3 3C19 2ACE  6E20 9CC1 9956 EB3C 8D27 87EF

pgpbhfA5CQSAO.pgp
Description: PGP signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), (continued) Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), Ben Bucksch Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), Paul Szabo Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), Michal Zalewski Re: Firefox focus stealing vulnerability (possibly other browsers), Claus Färber Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), Michal Zalewski Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers), pdp (architect) [Full-disclosure] Firefox/MSIE focus stealing vulnerability - clarification, Michal Zalewski Re: [Full-disclosure] Firefox/MSIE focus stealing vulnerability - clarification, Marcello Barnaba Re: [Full-disclosure] Firefox/MSIE focus stealing vulnerability - clarification, Ruud H.G. van Tol Re: [Full-disclosure] Firefox/MSIE focus stealing vulnerability - clarification, Tyop? Re: [Full-disclosure] Firefox/MSIE focus stealing vulnerability - clarification, Marcello Barnaba <=

Previous by Date:	Re: [Full-disclosure] Firefox/MSIE focus stealing vulnerability - clarification, Tyop?
Next by Date:	Re: [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?, K K
Previous by Thread:	Re: [Full-disclosure] Firefox/MSIE focus stealing vulnerability - clarification, Tyop?
Next by Thread:	[Full-disclosure] Arbitrary file disclosure vulnerability in IP3 NetAccess < 4.1.9.6, Sebastian Wolfgarten
Indexes:	[Date] [Thread] [Top] [All Lists]