what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Hardened-PHP Project Security Advisory 2007-03.142

Hardened-PHP Project Security Advisory 2007-03.142
Posted Feb 24, 2007
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened PHP Project Security Advisory - Multiple browsers suffers from a cross domain charset inheritance vulnerability. Affected include Firefox versions 2.0.0.1 and below, Internet Explorer 7,and Opera 9.

tags | advisory, php
SHA-256 | dcd8c435391d3c078ac9563c091bc0f6313cafd8de503cb88d02e58310efcc93

Hardened-PHP Project Security Advisory 2007-03.142

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hardened-PHP Project
www.hardened-php.net

-= Security Advisory =-


Advisory: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
Release Date: 2007/02/23
Last Modified: 2007/02/23
Author: Stefan Esser [sesser@hardened-php.net]

Application: Firefox <= 2.0.0.1, Internet Explorer 7, Opera 9
Not affected: Internet Explorer 6, Opera 8
Severity: Web-pages without a defined charset will be rendered
with the charset of the parent page when put into an
(i)frame. This might allow bypassing XSS filters
with for example UTF-7 payload
Risk: Low
Vendor Status: Only Mozilla reacted and released Firefox 2.0.0.2 which fixes this issue
References: http://www.hardened-php.net/advisory_032007.142.html


Overview:

While testing Firefox it was discovered that pages not specifying
a charset in a HTTP Content-Type header or from within a HTML META
tag, inherit the charset of the parent page when they are rendered
within an (i)frame, even when both pages are on different domains.

This opens up Firefox to all the UTF-7 XSS vulnerabilities that were
reported in the past (google.com, mediawiki, ...) and are usually
attributed to only affect Internet Explorer due to its charset
autodetection. All an attacker needs to get it working is put the
XSS attack into an iframe on a site using UTF-7.

After the initial contact with the Mozilla team Internet Explorer 7
was released which unlike Internet Explorer is also vulnerable to
the charset inheritance issue. Hinted by the Mozilla developers it
was also discovered that Opera 9 unlike Opera 8 also introduced
this vulnerability.

Unfortunately neither Microsoft nor Opera were interested in the
vulnerability. Opera did not react at all on our bug report and
Microsoft just sent a nonsense mail to us, claiming that we had
disclosed this already to the public and that they like getting
advance notice. We never heard back from them after that initial
email. Not really surprising because it is a similar behaviour we
previously encountered when dealing with them.


Proof of Concept:

The Hardened-PHP Project is not going to release a proof of concept
exploit for this vulnerability.


Disclosure Timeline:

11. October 2006 - Notified security@mozilla.org
23. February 2007 - Firefox 2.0.0.2 released
23. February 2007 - Public Disclosure


Recommendation:

We strongly recommend to upgrade to Firefox 2.0.0.2 which also
fixes several other security vulnerabilities not reported by us
and therefore not covered by this advisory.

http://mozilla.org/


GPG-Key:

http://www.hardened-php.net/hardened-php-signature-key.asc

pub 1024D/0A864AA1 2004-04-17 Hardened-PHP Signature Key
Key fingerprint = 066F A6D0 E57E 9936 9082 7E52 4439 14CC 0A86 4AA1


Copyright 2007 Stefan Esser. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFF32E6RDkUzAqGSqERApcNAKCZuga9MqD8YXoVvBWvkPjBaskZwgCfV9wy
ir2XC0ZpOGDkW4f3twiBxsc=
=spEd
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close