Nytro

Cross Context Scripting with Firefox


Roberto Suggi Liverani

Senior Security Consultant

Security-Assessment.com

21 April 2010

Contents
Abstract
1. Introduction
1.1 XPCOM Component Model
1.2 XUL
1.3 Chrome
1.4 XBL - Custom tags
1.5 XUL Overlay
1.6 Themes, Skins and Locales
2. XCS Cases
2.1 Case I: XCS via Event Handlers – Drag and Drop
2.2 Case II: Attacking Custom DOM event handlers
2.3 Case III: Cross Domain Content/Script Include
2.4 Case IV: Injection via XBL
2.5 Case V: Attacking Wrappers
2.6 Case VI: Attacking XPCOM Components
2.7 Case VII: Sandbox Chrome Leakage
2.8 Case VIII: Bypassing nsIScriptableUnescapeHTML.parseFragment()
3. Conclusion
4. References

Download:

http://security-assessment.com/files/documents/whitepapers/Cross_Context_Scripting_with_Firefox.pdf

http://security-assessment.com/files/documents/whitepapers/Exploiting_Cross_Context_Scripting_vulnerabilities_in_Firefox.pdf
