Bug 83390 - net-www/mozilla-firefox Javascript Images are Draggable
Summary: net-www/mozilla-firefox Javascript Images are Draggable
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
Whiteboard: A4 [upstream+]
Reported: 2005-02-26 10:05 UTC by Marco Morales
Modified: 2005-04-16 04:31 UTC

Description Marco Morales 2005-02-26 10:05:11 UTC
Author: Paul
Affected Software: Mozilla Firefox 1.0.0, 1.0.1 (tested only on these versions)
Risk: Low/Medium

A minor security vulnerability exists in the way that Firefox handles cross-domain image
dragging. Dragging an image into the address bar will cause Firefox to navigate to the
image url even if it is a javascript url and the page to be navigated from is in a
different domain than the page on which the image is shown. This may potentially allow
attackers to steal cookies, etc.

A proof of concept is available at
http://greyhatsecurity.org/vulntests/firefox.htm

Vendor Recommendations:
Disable dragging images with javascript urls.

User Recommendations:
Do not drag images into the address bar.

Paul
http://greyhatsecurity.org


Reproducible: Always
Comment 1 Brad Laue (RETIRED) gentoo-dev 2005-02-26 14:34:54 UTC
Have any bugs been filed upstream about this? This doesn't seem like our issue until we can get a patch from them.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-03-15 02:18:31 UTC
Can't find it, but those are typically hidden until resolution. With the security bug bounty program, you can be sure the discoverer notified the Mozilla team :) As always we should wait for Mozilla to update the known vuln page...
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-04-16 04:31:26 UTC
This bug is not really exploitable to do anything, and Mozilla apparently agrees with us since they did not fix it in their recent releases. I propose to close it, reopen if you disagree.