Firefox Vulnerability
Feb. 23, 2006, 05:53 AM
Post: #1
Can a filter be developed for the Security Pack to handle this Firefox vulnerability?
http://www.securiteam.com/securitynews/5LP051FHPE.html

By crafting special XBL code, attackers can execute JavaScript using the -moz-binding option on Gecko based web browsers.
Gecko based browsers use the CSS option -moz-binding in order to bind XBL code from additional locations, including remote hosts.
Attackers can use the -moz-binding option in order to inject JavaScript code and to perform a cross site scripting attack from a remote location.

Vulnerable Systems:
* Mozilla Firefox 1.5 and prior
* Mozilla Firefox 1.0 and above
* Netscape version 8.1 and prior
* Mozilla Suite version 1.7.12 and prior
* Mozilla Seamonkey 1.0
Mozilla Firefox 1.5.0.1 is also vulnerable.
Feb. 23, 2006, 12:23 PM
Post: #2
 
I shall restrain from interjecting, lol...


ps - only those that have been around a while know the reference...
Feb. 23, 2006, 09:01 PM
Post: #3
 
Quick filter I whipped up:

Code:
[Patterns]
Name = "Mozilla: Remove -moz-binding Vulnerability"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(css))"
Limit = 256
Match = "-moz-binding: url\(*\);"
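The same idea in Python, written here as an added example and not code from the thread or from Proxomitron: it locates and strips -moz-binding declarations from HTML/CSS text while tolerating mixed case, whitespace around the colon and parentheses, quoted or unquoted url() arguments and an optional trailing semicolon. The sample markup and its URLs are constructed placeholders.

```python
import re

# One -moz-binding declaration: optional whitespace around the colon and the
# url() parentheses, any case, quoted or unquoted argument, optional ';'.
# Constructed for this example; it is not the Proxomitron pattern posted above.
MOZ_BINDING_RE = re.compile(
    r"-moz-binding\s*:\s*url\s*\(\s*(?P<url>[^)]*?)\s*\)\s*;?",
    re.IGNORECASE,
)


def find_bindings(text):
    """Return the url() argument of every -moz-binding declaration in text."""
    return [m.group("url").strip("'\" ") for m in MOZ_BINDING_RE.finditer(text)]


def strip_bindings(text):
    """Remove every -moz-binding declaration, leaving the rest of the CSS intact."""
    return MOZ_BINDING_RE.sub("", text)


# Constructed sample: a <style> block and an inline style attribute, each
# spelling the declaration differently (case, spacing, quoting, semicolon).
SAMPLE = (
    "<style>\n"
    "p { color: red; -moz-binding: url(http://example.invalid/x.xml#b); }\n"
    "div { -MOZ-BINDING : URL( 'chrome://example.invalid/y.xml#c' ) }\n"
    "</style>\n"
    '<span style="font: 12px serif;-moz-binding:url(z.xml#d);">hi</span>\n'
)

if __name__ == "__main__":
    for url in find_bindings(SAMPLE):
        print("binding found:", url)
    print(strip_bindings(SAMPLE))
```

Running the block lists the three bound URLs and prints the sample with all three declarations removed; the remaining CSS (colour, font) is untouched.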
Feb. 23, 2006, 09:43 PM
Post: #4
 
Thanks Kye-U.
Don't understand ProxRocks comment. Guess I missed something. Sorry.
Feb. 24, 2006, 07:50 AM
Post: #5
 
43unite;
Quote:Don't understand ProxRocks comment. Guess I missed something. Sorry.
Short version: ProxRocks has "feelings" for what he calls The Dead Fox. I hope that's enough of a clue as to just what those feelings are - I'd hate to have to let him tell you in his own words. Big Teeth Further details can be found sprinkled throughout these forums, should you have a few hours to spare. Pervert


~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~
ProxRocks;

Yeah, you are exhibiting a bit more self-control these days. Wassup wi' dat? Should we send a Doctor or sumpin? Dead

Cheers


Oddysey

I'm no longer in the rat race - the rats won't have me!
Feb. 24, 2006, 11:44 AM
Post: #6
 
Oddysey Wrote:~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~
ProxRocks;

Yeah, you are exhibiting a bit more self-control these days. Wassup wi' dat? Should we send a Doctor or sumpin? Dead

Cheers


Oddysey
lol, no doctor required - unless she's a brunette with brown eyes, an elbow half way up each arm, and legs that go all the way up...

guess there's no use anymore, even the Dead Fox users have succumbed to the fact that said Fox is "vulnerable", contrary to their prior misguided convictions...

Big Teeth


edit: perhaps I should add that I not only do not use the Dead Fox, but I don't use IE, Opera, or Netscape either (or any other "mainstream" browser, for that matter)... but regardless, the "point" is that I don't care WHAT browser you use, it's "vulnerable"... PERIOD!... yes, even my Japanese browser... (but I shall deny having said that out loud, lol...)
Feb. 25, 2006, 06:41 PM
Post: #7
 
ProxRocks;
Quote:.... yes, even my Japanese browser... (but I shall deny having said that out loud, lol...)
Hey, man, it's not like there's a ban on the J-word or anything, right? Crazy Just which browser might this be, eh?


Oddysey

I'm no longer in the rat race - the rats won't have me!
Feb. 26, 2006, 04:35 PM
Post: #8
 
Sleipnir...
http://www.download.com/Sleipnir/3000-23...72663.html

I keep up to date with the latest and greatest beta release (currently build 2304114)...
http://sleipnir.pos.to/tmp2/test_unicode.zip

I keep my v1.66 around as well...
But all in all, v2.30 only misses two items of frequent use in v1.66 (clear personal info icon and view source for selected area icon [both functions available from the pull-down, of course, but the toolbar icons are of great assistance when debugging Proxo filters])...


And for you Dead Fox users, Sleipnir can use either the IE engine or the Gecko engine...

The English install works well, but the Gecko engine install GUI still needs some work (the OK/Cancel/Next icons are still in Japanese - but you can figure it out quite easily [just click the highlighted icon by default])...

The toolbar on v1.66 is more customizable than v2.30, but v2.30 offers a LOT more customizations (like in the search bar) and many others available via .ini files, .xml files, et cetera...

Truly awesome...