Re: Firefox focus stealing vulnerability (possibly other browsers)

To: Claus Färber <GMANE@xxxxxxxxxxxxxx>
Subject: Re: Firefox focus stealing vulnerability (possibly other browsers)
From: Michal Zalewski <lcamtuf@xxxxxxxxxxxx>
Date: Mon, 12 Feb 2007 21:53:47 +0100 (CET)
Cc: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
In-reply-to: <eqobal$o2e$1@xxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <200702112235.l1BMZNBE010007@xxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.58.0702112339300.30989@dione> <eqobal$o2e$1@xxxxxxxxxxxxx>

On Mon, 12 Feb 2007, [ISO-8859-1] Claus Färber wrote:

> A proper solution would be to keep a list of files explicitly selected
> by the user and only allow uploads of files in this list. Then even if a
> script can manipulate the field, the browser won't upload files that
> have not been selected by the user.

Not necessarily that easy: notice that it is the user who enters the name
of a target file.

Unless you want to prevent the browser from accepting any files that were
not chosen using a visual file selector widget - but in such a case,
there's not much point in having a manual file path entry box in the first
place.

/mz

Follow-Ups:
- Re: Firefox focus stealing vulnerability (possibly other browsers)
  - From: Andreas Beck
- Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)
  - From: pdp (architect)

References:
- Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)
  - From: Paul Szabo
- Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)
  - From: Michal Zalewski
- Re: Firefox focus stealing vulnerability (possibly other browsers)
  - From: Claus Färber

Prev by Date: Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?
Next by Date: Re: Firefox focus stealing vulnerability (possibly other browsers)
Previous by thread: Re: Firefox focus stealing vulnerability (possibly other browsers)
Next by thread: Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)
Index(es):
- Date
- Thread