Search This Blog

Sunday, June 12, 2005

[NEWS] Internet Explorer and Opera JavaScript Ghost Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

Internet Explorer and Opera JavaScript Ghost Vulnerability
------------------------------------------------------------------------

SUMMARY

A bug in Internet Explorer and Opera's processing of JavaScript allows
attackers to run a JavaScript on the computer of the surfer, while the
making its source code inaccessible to the user.

DETAILS

Vulnerable Systems:
* Internet Explorer 6 SP2
* Opera version 7.54
* Opera version 8

Normally the code of an HTML page and all of it's JavaScript code is
visible to the user if the user asks for the source code of the HTML page.

Exploit:
< h1>Something < i>before</i></h1>
< br> the < b>JavaScript</b>... Blablalbla
< script type="text/jscript">
function init() {
document.write("The time is now: " + Date() );
}
window.onload = init;
</script>
And < u>something</u> after the < b>JavaScript</b>... Blablablablabla

If the user browser is vulnerable for this vulnerability, the result will
be "The time is now xxx" , where xxx is the date and time. While the user
will not see the "Something before the JavaScript" and also not the "and
something after the JavaScript".

Disclosure Timeline:
07-06-2005 - The bug was reported to the vendor
08-06-2005 - The bug was reported to the vendor

ADDITIONAL INFORMATION

The information has been provided by <mailto:development@seniorennet.be>
Pascal Vyncke.
The original article can be found at:
<http://research.seniorennet.be/Techresearch/Javascript_security_flaw_bug_ie_6/security_flaw_bug_javascript_ie_6_internet_explorer.php> Security flaw bug javascript ie 6 internet explorer

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)