Michal Zalewski sent the following mail to security@mozilla.org, full-disclosure and bugtraq: - - - - - - - - - - - - - - - - - - - - - There is a serious vulnerability in Mozilla Firefox, tested with 2.0.0.1, but quite certainly affecting all recent versions.
The problem lies in how Firefox handles writes to the 'location.hostname' DOM property. It is possible for a script to set it to values that would not otherwise be accepted as a hostname when parsing a regular URL - including a string containing \x00.
Doing this prompts a peculiar behavior: internally, DOM string variables are not NUL-terminated, and as such, most of checks will consider 'evil.com\x00foo.example.com' to be a part of *.example.com domain. The DNS resolver, however, and much of the remaining browser code, operates on ASCIZ strings native to C/C++ instead, treating the aforementioned example as 'evil.com'.
This makes it possible for evil.com to modify location.hostname as described above, and have the resulting HTTP request still sent to evil.com. Once the new page is loaded, the attacker will be able to set cookies for *.example.com; he'll be also able to alter document.domain accordingly, in order to bypass the same-origin policy for XMLHttpRequest and cross-frame / cross-window data access.
If you want to confirm a successful exploitation, check Tools -> Options -> Privacy -> Show Cookies... for coredump.cx after the test; for the demo to succeed, the browser needs to have Javascript enabled, and must accept session cookies.
The impact is quite severe: malicious sites can manipulate authentication cookies for third-party webpages, and, by the virtue of bypassing same-origin policy, can possibly tamper with the way these sites are displayed or how they work.
Regards, /mz
ma police, boston ma police, massachusetts police, massachusetts police, mass state police, mass police, ma, mass, massachusetts, massachusetts, massachutes, massachusetts law, massachusetts polece, police, officer, police officer, cops, police gear, law enforcement, police duty gear, state police, sheriff, law, police supply, police agency directory, police agency, police department, traffic officer, police dept, state trooper, dispatcher, massachusetts county sheriff, massachusetts sheriff, massachusetts department of corrections, ma doc, doc, dept of corrections, police information, civil service, ma civil service, massachusetts crime, police training, police academy, ma police academy, massachusetts officers, masscop, masscops, mpa, bpa, ibpoa, police association, massachusetts police news, massachusetts crime news, mass most wanted, police career information, police patrol, police administration, police books, crime scene training, police discussion, crime discussions, cops
About MassCops, the home for Massachusetts law enforcement.
The Massachusetts Law Enforcement Network opened in 1998 and is now a part of the New England Police Network The site is a pro-police discussion forum intended for sworn police officers and civilian law enforcement officials as well as those interested in pursuing a career in law enforcement here in Massachusetts.
The goal of The Massachusetts Law Enforcement Network is to provide an informal network of law enforcement officials here in Massachusetts for educational and informational purposes.
The forum covers many topics such as Police Related News Articles, Agency & Profession Discussions, Police Training as well as Law Enforcement Career Information.
The Massachusetts Law Enforcement Network and The New England Police Network (NEPN) and it's network sites are privately owned websites/domains and are not affiliated with or endorsed by any government association or agency.
MassCops (masscops.com) and (masscop.com) are privately owned are not affiliated with or endorsed by the Massachusetts Coalition of Police (masscop.org)
ma police, boston ma police, massachusetts police, massachusetts police, mass state police, mass police, ma, mass, massachusetts, massachusetts, massachutes, massachusetts law, massachusetts polece, police, officer, police officer, cops, police gear, law enforcement, police duty gear, state police, sheriff, law, police supply, police agency directory, police agency, police department, traffic officer, police dept, state trooper, dispatcher, massachusetts county sheriff, massachusetts sheriff, massachusetts department of corrections, ma doc, doc, dept of corrections, police information, civil service, ma civil service, massachusetts crime, police training, police academy, ma police academy, massachusetts officers, masscop, masscops, mpa, bpa, ibpoa, police association, massachusetts police news, massachusetts crime news, mass most wanted, police career information, police patrol, police administration, police books, crime scene training, police discussion, crime discussions, cops