TUCoPS :: Browsers :: hack8020.htm

Fireflashing [mikx]
Fireflashing [Firefox 1.0]


Using plugins like Flash and the -moz-opacity filter it is possible to 
display the about:config site in a hidden frame or a new window.

By making the user double-click at a specific screen position (e.g. using a 
DHTML game) you can silently toggle the status of boolean config parameters.

As long as the number of about:config parameters is unchanged (unlikely a 
casual user will change them) you can move the parameter you want to the 
specified screen position by using CSS.

You can also load about:config using the real player plugin and merged url 
events. See the real producer documentation for details and merge a command 
like "u 0:0:0:0.0 0:0:0:30.0 &&targetframe&&about:config"




The bug is marked as fixed in bugzilla. Get a nightly build, compile on your 
own or wait for Firefox 1.0.1.

2005-02-01 Vendor informed (bugzilla.mozilla.org #280664)
2005-02-01 Vendor confirmed bug
2005-02-04 Vendor fixed bug
2005-02-07 Public disclosure

The Common Vulnerabilities and Exposures project (cve.mitre.org) has 
assigned the name CAN-2005-0232 to this issue.

__Affected Software

Tested with Firefox 1.0 and Mozilla 1.7.5

__Contact Informations

Michael Krax  


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH