Wieners, Brats, Franks, we've got 'em all.
0 Members and 1 Guest are viewing this topic.
__SummaryUsually Firefox does not allow that an executable, non-image file gets directly dragged to the desktop (e.g. by supplying malware.exe as the src of an image tag). Instead Firefox creates a link to the file on the desktop.If you create a hybrid of a gif image and a batch file you can trick Firefox. Since the hybrid renders as a valid image, Firefox tries to copy the image to the desktop when dropped. By creating the image dynamicly and forcing the content type image/gif, the file can be of any extension (e.g. image.bat or image.exe).The windows batch file parser is pretty forgiving. It just ignores the first line of "gif trash" and executes whatever you append to the end of the hybrid file.Since windows hides known file extensions by default, a user can only tell that something went wrong by looking at the file icon, which is different of course. If the user does not care or know what this different icon means, a double click to view or edit the "image" he just dropped executes the batch file instead.__Proof-of-Concepthttp://www.mikx.de/firedragging/__StatusThe bug is marked as fixed in bugzilla. Get a nightly build, compile on your own or wait for Firefox 1.0.1.2005-01-26 Vendor informed (bugzilla.mozilla.org #279945)2005-01-31 Vendor confirmed bug2005-02-03 Vendor fixed bug2005-02-07 Public disclosureThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0230 to this issue.__Affected SoftwareTested with Firefox 1.0 and Mozilla 1.7.5__Contact InformationsMichael Krax <mikx@mikx.de>http://www.mikx.de/?p=8mikx_______________________________________________Full-Disclosure - We believe in it.Charter: http://lists.netsys.com/full-disclosure-charter.html
Author
Topic: Small vulnerability in firefox~ (Read 1917 times)
