The Un-Official Proxomitron Forum / Proxomitron Filters / Privacy/Security/Spam / Mozilla browser "about:" exploit


Post Reply 
Mozilla browser "about:" exploit
Dec. 09, 2004, 12:09 PM
Post: #4
sidki3003 Offline
Administrator
*******
 		Posts: 1,458
Joined: Mar 2004
 
Siamesecat Wrote:I was not trying to catch "src=", but "about:<whatever>" exploits.&nbsp; I read somewhere that many of the "about:*" codes can be exploited by malicious code, but had not thought much about it until this demo came along.
Where? As you said, the exploit you referred to deals with printing an iframe source. "about:blank" was just an example, it works with "/nicepath/nicename.html" as well (and has been fixed in the nightly builds). See here for a "non-about" crash.

Quote:Could a web page query my browser with, for instance, "about:plugins" to find out what plugins I had installed?
Pages like "about:mozilla" work only locally, like that "I can see your hard disk!" followed by a "file:///c:/" iframe joke. The security relevant pages are disabled for remote webpages in Mozilla anyway - see here.

sidki
Add Thank You Quote this message in a reply
Post Reply 


Messages In This Thread
[] - Siamesecat - Dec. 08, 2004, 08:08 AM
[] - sidki3003 - Dec. 08, 2004, 05:17 PM
[] - Siamesecat - Dec. 09, 2004, 06:30 AM
[] - sidki3003 - Dec. 09, 2004 12:09 PM
[] - Kye-U - Dec. 09, 2004, 08:55 PM
[] - Siamesecat - Dec. 10, 2004, 07:39 AM
[] - Siamesecat - Dec. 10, 2004, 08:13 AM
[] - sidki3003 - Dec. 10, 2004, 12:32 PM
[] - Siamesecat - Dec. 12, 2004, 07:21 AM
[] - sidki3003 - Dec. 12, 2004, 05:16 PM
[] - Oddysey - Dec. 12, 2004, 05:56 PM
[] - sidki3003 - Dec. 12, 2004, 07:17 PM
[] - sidki3003 - Dec. 12, 2004, 08:21 PM
[] - Oddysey - Dec. 12, 2004, 11:09 PM
[] - sidki3003 - Dec. 13, 2004, 02:32 AM
[] - Kye-U - Dec. 15, 2004, 04:40 AM
[] - Kye-U - Dec. 25, 2004, 07:37 AM

Forum Jump:


Contact Us | The Un-Official Proxomitron Site | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication