Re: [WEB SECURITY] firefox3 vuln by design?
- From: Thierry Zoller <Thierry@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] firefox3 vuln by design?
- Date: Wed, 29 Aug 2007 01:36:25 +0200
bcn> pdp had an interesting read at
bcn> http://www.gnucitizen.org/blog/i-dont-think-that-you-understand-firefox3-vulnerable-by-design
This argument boils down to saying if "CRLF Injection" is possible,
your protection may not be working. To use the possibility of a
vulnerability to question this framework is ok, however it should be
viewed within its implicit boundaries, meaning that first a
vulnerability within an application must exist to subvert the current
protection scheme. Of course this could be solved using
challenge-response type of authentication of the Content-Access-Control
headers - but come on - too much ?
So again, it is only if the server/application is vulnerable to some
degree that you might circumvent this protection, right?
Then again, will the recommendation to disable Trace support FINALLY be
worth something. I'd like to see that happen actually :)
>And finally, the proposed W3C specifications are insecure from start.
It says Draft ?
>This cross domain access control mechanism is also subjective to TRACK/TRACE
No, Trace gives headers last time I used it, it will not reflect the
content of the xml data. Am I wrong?
>This port scanning method does not work today, but it will
>if you implement the W3C standard.
Assumption
>However, in case the internal FF or IE XML parsing engine is vulnerable
>to some buffer overflow, we will be screwed big time.
FUD
>For God's sake, do not implement the standard. Can't you see? It
>will open a can of worms (literally).
euhm ?
>WARNING: None of the above attacks have been verified.
Boing...
The Birth of a new Steve Gibson, Time will tell. <- Take this easy :)
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Brought to you by http://www.webappsec.org