Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous

To: RSnake <rsnake@xxxxxxxxxxxx>
Subject: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
From: "Brian Eaton" <eaton.lists@xxxxxxxxx>
Date: Mon, 8 Jan 2007 14:06:34 -0500
Cc: "Amit Klein" <aksecurity@xxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx, "Web Security" <websecurity@xxxxxxxxxxxxx>
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=HIsY18jtMiEXDvEALvnuz1YVa33AzBEtQdrSh0trRdbZwfQ1rlOds3aJjJezf7SXl7H/k1hrr47OIhinyeGucJQLe0G4KOOwK/cgKYX7IHL8bFu2vNWdSTIbriyCIFkvKezWDga32MrxleL2GvLmA6DWgABGuxkItElRnk/Gydw=
In-reply-to: <Pine.LNX.4.64.0701080835450.27722@xxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <6905b1570701021820v7b22961do7226be1bcf04fa57@xxxxxxxxxxxxxx> <459B3C78.2080007@xxxxxxxxx> <459BF2B6.4050807@xxxxxxxxx> <26162adb0701032227i674df796m783f5d1f95c1a7b1@xxxxxxxxxxxxxx> <459D73C4.5060709@xxxxxxxxx> <Pine.LNX.4.64.0701050800480.16727@xxxxxxxxxxxxxxxxxxxx> <459E9611.7050103@xxxxxxxxx> <Pine.LNX.4.64.0701080835450.27722@xxxxxxxxxxxxxxxxxxxx>

Someone (I believe RSnake) pointed out that many browser machines have
PDF files in predictable locations that can be accessed via file://
links.  That lets an attacker gain local javascript execution.  At one
point Firefox had a rule restricting http:// and https:// web pages
from accessing file:// links.  Does that rule still exist, and if so
does it mitigate the risk posed to firefox users?

Regards,
Brian

References:
- Universal XSS with PDF files: highly dangerous
  - From: pdp (architect)
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: Amit Klein
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: Amit Klein
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: Amit Klein
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: RSnake
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: Amit Klein
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: RSnake

Prev by Date: Re: SAP Security Contact
Next by Date: ppc engine Multiple file inclusion
Previous by thread: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Next by thread: RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Index(es):
- Date
- Thread