Michal Zalewski has discovered an interesting vulnerability in how Firefox handles bookmarks.
It is relatively easy to trick a casual user into bookmarking a window that does not point to any real location but is instead an inline data: URL, dressed up convincingly as a “tangible” webpage.
When the bookmark is later clicked, the JavaScript embedded in the link executes in the context of the last visited webpage. This is the same mechanism that legitimate bookmarklets rely on, except that bookmarklets do not camouflage themselves as webpages, cannot normally be added with Ctrl-D alone, and are expected to be entered and invoked as a conscious user action.
Zalewski says the vulnerability is not really devastating, but warns that any attention-grabbing webpage can spawn such a window for the user to bookmark, and then use it to launch attacks against, for example, common start pages such as Google, MSN, or AOL, possibly stealing credentials for services such as Google Mail. In the unlikely case that the victim is browsing local files or special URLs, system compromise is possible.
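To make the mechanism concrete, here is an added example (not code from the original post or from Zalewski's demo). It shows two things: how a page can mint the kind of bookmarkable data:text/html URL described above, carrying a harmless probe script that only reports which document.domain it ended up running in; and a check a practitioner can run offline against a Firefox bookmarks export (the Netscape-format bookmarks.html) to flag bookmarks whose target is a data: URL with inline script or event handlers. The bookmark file embedded below is constructed for this example; the titles and URLs in it are assumptions, not real entries.

```javascript
// Added example, not from the original post or from Zalewski's demo.
// Part 1 builds a bookmarkable data:text/html page with an inline probe
// script; part 2 scans a Netscape-format bookmarks export for such entries.

// Build a data: URL whose body looks like an ordinary page but carries
// inline script. The probe only reports the domain it runs in: if it shows
// the previously visited site's domain, the data: page inherited that origin.
function buildDataUrlPage(title, bodyHtml, inlineScript) {
  const html =
    `<!DOCTYPE html><html><head><title>${title}</title></head>` +
    `<body>${bodyHtml}<script>${inlineScript}</script></body></html>`;
  // Percent-encode so the whole document survives as a single URL.
  return "data:text/html," + encodeURIComponent(html);
}

// Decode the payload of a data: URL (either ;base64 or percent-encoded).
// Returns null for anything that is not a data: URL.
function decodeDataUrl(url) {
  const comma = url.indexOf(",");
  if (!url.toLowerCase().startsWith("data:") || comma < 0) return null;
  const meta = url.slice(5, comma);
  const payload = url.slice(comma + 1);
  if (/;base64$/i.test(meta)) {
    return Buffer.from(payload, "base64").toString("utf8");
  }
  try {
    return decodeURIComponent(payload);
  } catch {
    return payload; // malformed escapes: inspect the raw payload instead
  }
}

// Undo the HTML attribute escaping bookmarks.html applies to HREF values.
function unescapeAttr(s) {
  return s
    .replace(/&quot;/g, '"')
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&amp;/g, "&");
}

// Walk every <A HREF="..."> entry in a Netscape-format bookmarks export and
// report data: URLs that contain script. Plain data: notes and ordinary
// http(s) bookmarks are left alone; javascript: bookmarklets are not flagged
// here because they are visibly bookmarklets rather than camouflaged pages.
function findSuspiciousBookmarks(bookmarksHtml) {
  const findings = [];
  const anchor = /<A\s+[^>]*HREF="([^"]*)"[^>]*>([\s\S]*?)<\/A>/gi;
  let m;
  while ((m = anchor.exec(bookmarksHtml)) !== null) {
    const href = unescapeAttr(m[1]);
    const title = m[2].trim();
    const body = decodeDataUrl(href);
    if (body === null) continue; // not a data: URL
    const reasons = [];
    if (/<script[\s>]/i.test(body)) reasons.push("inline <script>");
    if (/\son[a-z]+\s*=/i.test(body)) reasons.push("inline event handler");
    if (/javascript:/i.test(body)) reasons.push("javascript: URL in body");
    if (reasons.length) findings.push({ title, reasons });
  }
  return findings;
}

// Constructed sample export: one normal site, one camouflaged data: page
// (the probe script is the payload), one bookmarklet, one plain-text note.
const SAMPLE_BOOKMARKS_HTML = `<!DOCTYPE NETSCAPE-Bookmark-file-1>
<TITLE>Bookmarks</TITLE>
<H1>Bookmarks</H1>
<DL><p>
    <DT><A HREF="https://www.mozilla.org/" ADD_DATE="1175000000">Mozilla</A>
    <DT><A HREF="${buildDataUrlPage("Amazingly cool page!", "<h1>Welcome</h1>", "alert(document.domain)")}" ADD_DATE="1175000100">Amazingly cool page!</A>
    <DT><A HREF="javascript:void(location.href='https://example.com/?q='+encodeURIComponent(document.title))" ADD_DATE="1175000200">Share (bookmarklet)</A>
    <DT><A HREF="data:text/plain,just%20a%20note" ADD_DATE="1175000300">Plain note</A>
</DL><p>`;

console.log(JSON.stringify(findSuspiciousBookmarks(SAMPLE_BOOKMARKS_HTML), null, 2));
```

Run it with node; against the constructed export it reports exactly one entry, “Amazingly cool page!”, with the reason “inline <script>”. Point it at a real export by reading the file into findSuspiciousBookmarks instead of the sample string. Note the caveat for anyone reproducing the probe today: Firefox 57 and later give data: URLs a unique opaque origin rather than inheriting the opener's or previous page's, so the probe reports an empty document.domain there and the attack described above no longer applies to current releases.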
Follow these steps to see a demo of the vulnerability:
- Click here to begin the test.
- Follow the displayed instructions: bookmark the page, then close the window. (…later…)
- Visit Google.com homepage.
- Open your bookmarks, choose the recently added entry (“Amazingly cool page!”).
Depending on the outcome of this test, you will be taken back to an appropriate page on this server.
The latest news is that Mozilla’s security response team is working on a fix.