BugTraq
Firefox Cache Hack - Firefox History Hack redux Feb 23 2007 12:32PM
pdp (architect) (pdp gnucitizen googlemail com) (2 replies)
http://www.gnucitizen.org/projects/hscan-redux/

Inspired by Michal Zalewski recent Firefox bug hunt, I decided to give
it a go and see what I can come up with. We all know how vulnerable
Firefox and other browsers are. This is the reason why I am not
particularly interested in finding specific browser bugs. However,
when you are in hackmode things like this don't really matter.

This vulnerability is not a reworked version of Jeremiah Grossman
history hack. It is completely different and it should be treated as a
new issue. The peculiar thing about this vulnerability is that it
tells you which URLs you have attended during the current browser
session (the last time you opened your browser). I am not sure how
useful this is.

Keep in mind that attackers can abuse this vulnerability in order to
extract valuable information about your browsing habits. They can also
use this hack to precisely detect whether you are logged into your
router management interface. They can use this hack to detect your
router type and version as well. Based on this information, they might
be able to compromise the integrity of your network.

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

[ reply ]
Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux Feb 23 2007 03:05PM
Ben Bucksch (news bucksch org)
Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux Feb 23 2007 02:29PM
Michael Silk (michaelslists gmail com) (2 replies)
Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux Feb 23 2007 02:50PM
Ismail Dönmez (ismail pardus org tr) (1 replies)
Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux Feb 26 2007 08:16PM
arman (afmuse hotmail com) (2 replies)
Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux Feb 26 2007 08:57PM
pdp (architect) (pdp gnucitizen googlemail com)
Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux Feb 26 2007 08:19PM
Ismail Dönmez (ismail pardus org tr)
Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux Feb 23 2007 02:35PM
pdp (architect) (pdp gnucitizen googlemail com)


 

Privacy Statement
Copyright 2010, SecurityFocus