Maxthon browser search bar information disclosure advisory

URL: http://www.raffon.net/advisories/maxthon/searchbarid.html
Date: March 25, 2005
Author: Aviv Raff

Introduction

"Maxthon Internet Browser software is a powerful tabbed browser with a
highly customizable interface. It is based on the Internet Explorer browser
engine..." (from Maxthon website).

Maxthon installs by default a search utility bar, which contains an
information disclosure vulnerability.

Technical Details

Maxthon's API includes a property named "m2_search_text", which allows
plug-ins to interact with the search bar.
Any website the user visits can easily fetch the search bar's data using
this property, the same way plug-ins do.

Tested version: 1.2.0
Older versions might be affected too.
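
The design flaw described above, modelled in JavaScript as an added example
(not code from the advisory or from Maxthon). Only the property name
m2_search_text comes from the advisory; SearchBar, the makeHostApi* functions
and the "plugin"/"web" caller kinds are hypothetical, and the advisory does not
say how version 1.2.1 implements its fix.

```javascript
// Simplified model of a browser host API shared by plug-ins and web pages.
// Hypothetical names throughout, except the property m2_search_text.
class SearchBar {
  constructor() { this.text = ""; }
}

// Attach the search-bar accessor to an API object.
function exposeSearchText(api, searchBar) {
  Object.defineProperty(api, "m2_search_text", {
    enumerable: true,
    get: () => searchBar.text,
    set: (v) => { searchBar.text = String(v); },
  });
}

// Vulnerable pattern: the same API surface is handed to every script
// context, so page script reads the search bar exactly as a plug-in does.
function makeHostApiVulnerable(searchBar, caller) {
  const api = {};
  exposeSearchText(api, searchBar); // caller is never consulted
  return api;
}

// Hardened pattern: the property exists only for contexts the browser
// itself classified as a plug-in. caller.kind must be assigned by the
// host, never supplied by the script that is asking.
function makeHostApiHardened(searchBar, caller) {
  const api = {};
  if (caller.kind === "plugin") exposeSearchText(api, searchBar);
  return Object.freeze(api); // page script cannot add the property back
}

// Constructed sample: the user typed a query, then opened a web page.
function demo() {
  const bar = new SearchBar();
  bar.text = "private search terms";
  const plugin = { kind: "plugin", id: "example-plugin" };
  const page = { kind: "web", origin: "http://site.example" };
  return {
    vulnerablePage: makeHostApiVulnerable(bar, page).m2_search_text,
    hardenedPage: makeHostApiHardened(bar, page).m2_search_text,
    hardenedPlugin: makeHostApiHardened(bar, plugin).m2_search_text,
    pageSeesProperty: "m2_search_text" in makeHostApiHardened(bar, page),
  };
}

console.log(demo());
```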

Proof Of Concept

http://www.raffon.net/advisories/maxthon/searchbarpoc.html

Timetable

02-Mar-2005: Vendor informed.
03-Mar-2005: Vendor confirmed vulnerability.
24-Mar-2005: Vendor published a fixed version.
25-Mar-2005: Public disclosure.

Solution

Upgrade to version 1.2.1.

Disclaimer: The information in this advisory and any of its demonstrations
is provided "as is" without warranty of any kind.

-- Copyright © 2005 Aviv Raff. --