MSIE7 browser entrapment vulnerability (probably Firefox, too)

2007.03.02
Risk: Low
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

There is a cool combination-type vulnerability in MSIE7 that allows the attacker to: a) Trap the visitor in a Matrix-esque tarpit webpage that cannot be left by normal means (this is a known brain-damaged design of onUnload Javascript handlers), b) Spoof transitions between pages so that the user thinks he actually managed to leave the affected site, and so that the URL bar displays other addresses we didn't actually go to. This opens a plethora of spoofing / phishing scenarios, and is generally quite nasty. More information and a pretty demo is available here: http://lcamtuf.coredump.cx/ietrap/ Firefox isn't outright vulnerable to this problem, but judging from its behavior, it is likely to be susceptible to a variant of this bug (it exhibits the same behavior, but we end up with a corrupted page instead); I will research it once I get some sleep. Cheers, /mz


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top