Mike Hommey wrote:
forwarded 427691 https://bugzilla.mozilla.org/show_bug.cgi?id=381300
severity 427691 important
tag 427691 security upstream
thanks
On Tue, Jun 05, 2007 at 03:33:17PM -0500, Karl Schmidt <[EMAIL PROTECTED]>
wrote:
Package: iceweasel
Version: 2.0.0.3-1
Severity: critical
(...)
http://lcamtuf.coredump.cx/ifsnatch
Thanks for the effort of filing a complete bug report...
Here is the bugzilla report:
https://bugzilla.mozilla.org/show_bug.cgi?id=382686
But this report is probably the same thing and is a race condition exploit.
https://bugzilla.mozilla.org/show_bug.cgi?id=381300
... and others think it is critical.
From Bugzilla report:
It's very dangerous if someone [is]
using this exploit to steal accounts..
Sorry if you don't think I spent any time (and the link does a good job at explaining the
bug). I wanted to get a security bug listed as fast as possible. It took more time than you
realize to be sure it was not a duplicate. I was only able to recreate the bug once so I
didn't want to provide data that was incomplete.
<time passes>
I haven't been able to recreate the second test a second time that relies on the about:blank
frame again after spending a second hour on it today - but I did make it work yesterday???
The second test case is very important as it _DID_ demonstrate keycapture
yesterday!
The first test case did not demonstrate keycapture for me yesterday (but may be
demonstrating something else, but not definitively).
I'm copying the test case author to see if he has further information. What I've seen in
further tests today is intermittent, with "the connection was reset" notices and occasionally
invocation of the pop-up blocker. Could be the demonstration site is overloaded today
and/or the exploit is dependent on timing? Why is the popup blocker being circumvented only
some of the time?
A workaround for now is to use the prefbar extension http://prefbar.mozdev.org/ and turn off
JavaScript.
This is not a *critical* security issue, though.
why not?
From http://www.debian.org/Bugs/Developer#severities
critical ... or introduces a security hole on systems where you install the
package.
It can clearly capture keystrokes -- I would think that is considered a
security hole...
... and others think it is critical.
From Bugzilla report:
> It's very dangerous if someone [is]
> using this exploit to steal accounts..
----------------------------------------------------------------
Karl Schmidt EMail [EMAIL PROTECTED]
Transtronics, Inc. WEB http://xtronics.com
3209 West 9th Street Ph (785) 841-3089
Lawrence, KS 66049 FAX (785) 841-0434
Any cat would tell you that you can only wash one paw at a time;
while we try to do everything at once. -kps
----------------------------------------------------------------