Mozilla Event Handler Document Transition Flaw Permits Cross-Site Scripting Attacks

Feb 26, 2004 12:07AM PST

SecurityTracker Alert ID: 1009209
CVE Reference: GENERIC-MAP-NOMATCH
Date: Feb 25 2004

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes

Version(s): Affects versions prior to 1.6

Description: A vulnerability was reported in the Mozilla browser in the processing of event handlers during the transition of documents. A remote user can conduct cross-site scripting attacks.

Andreas Sandblad reported that a remote user can create HTML containing a specially crafted link that, when loaded on the target user's browser, may execute arbitrary JavaScript events in the security context of the new page.

The flaw reportedly resides in 'nsDOMClassInfo.cpp' and occurs when a large number of event handlers are used within HTML tags.

A remote user can create specially crafted HTML that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser in the context of an arbitrary site in that site's security domain. The code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A limited amount of user interaction may be required.

The vendor was reportedly notified on December 2, 2003.

The original bug report (containing some demonstration exploit HTML) is available at:

http://bugzilla.mozilla.org/show_bug.cgi?id=227417

Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution: The vendor has issued a fix (on December 3, 2003), available via CVS. A fix is also included in version 1.6b, available at:

http://www.mozilla.org/releases/

Vendor URL: bugzilla.mozilla.org/show_bug.cgi?id=227417

Cause: Input validation error, State error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Reported By: Andreas Sandblad

http://www.securitytracker.com/alerts/2004/Feb/1009209.html