COMMAND

    Mozilla allows running Malicious Scripts due to a bug in 'FTP view'

SYSTEMS AFFECTED

    Mozilla 1.0

PROBLEM

    Eiji James Yoshida [ptrs-ejy@bp.iij4u.or.jp] says:

    Mozilla allows running Malicious Scripts due to a bug in 'FTP view'.
    If you click on a malicious link, the script embedded in the URL will
    run.

    * If the ftp server and the http server are the same address, it is
      dangerous, because the cookie may be modified by the attacker.

    + Details:
    ~~~~~~~~~~
    This problem is in 'FTP view'.
    The '<title>URL</title>' is not escaped.

    + Exploit code:
    ~~~~~~~~~~~~~~~
    <a href="ftp://[FTPserver]/#%3C%2ftitle%3E%3Cscript%3Ealert(%22exploit%22);%3C%2fscript%3E">Exploit</a>

    Example:
    <a href="ftp://ftp.mozilla.org/#%3C%2ftitle%3E%3Cscript%3Ealert(%22exploit%22);%3C%2fscript%3E">Exploit</a>

    + Demonstration:
    ~~~~~~~~~~~~~~~~
    http://www.geocities.co.jp/SiliconValley/1667/advisory03e.html

SOLUTION

    Get Mozilla 1.1 Beta or disable JavaScript.
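
The unescaped '<title>URL</title>' described above, shown beside an escaped form. This is an added example, not part of the original advisory and not Mozilla's code. It assumes the view percent-decodes the URL before writing it into the title; all function names are hypothetical.

```javascript
// Added illustration: models a directory-listing page generator like the
// 'FTP view' in the advisory. Function names are hypothetical, not Mozilla's.

// Percent-decode a URL for display (assumed behaviour). Fall back to the raw
// string when the encoding is malformed: decodeURIComponent throws URIError
// on input such as "%zz".
function displayUrl(rawUrl) {
  try {
    return decodeURIComponent(rawUrl);
  } catch (e) {
    return rawUrl;
  }
}

// Escape the characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Flawed form: the decoded URL is placed into <title> as-is, so a "</title>"
// inside the fragment closes the element and the rest is parsed as markup.
function renderTitleUnescaped(rawUrl) {
  return "<title>" + displayUrl(rawUrl) + "</title>";
}

// Corrected form: the decoded URL is escaped before it reaches the markup.
function renderTitleEscaped(rawUrl) {
  return "<title>" + escapeHtml(displayUrl(rawUrl)) + "</title>";
}

// True when the rendered markup contains a live <script> start tag.
function hasScriptElement(html) {
  return /<script\b/i.test(html);
}

// The link from the advisory, with its [FTPserver] placeholder kept.
const advisoryUrl =
  "ftp://[FTPserver]/#%3C%2ftitle%3E%3Cscript%3Ealert(%22exploit%22);%3C%2fscript%3E";

console.log("unescaped:", renderTitleUnescaped(advisoryUrl));
console.log("escaped:  ", renderTitleEscaped(advisoryUrl));
```
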