You are not logged in.

#1 2005-03-01 04:04:28

k-dub
Member
Registered: 2004-11-12
Posts: 49

Offline

#2 2005-03-01 14:43:54

i3839
Member
Registered: 2004-02-04
Posts: 1,185

Re: firefox plugin security hole

Michael Krax's "Fireflashing" example demonstrates that an attacker can open about:config in a frame, hide it with an opacity setting, and if the attacker can get the victim to click at a particular spot (design some kind of simple game) you could toggle boolean preferences, some of which would make further attacks easier.

I don't know, but somehow this makes me only laugh and doesn't scare me at all. tongue

Offline

#3 2005-03-01 14:57:25

jerem
Member
From: France
Registered: 2005-01-15
Posts: 310

Re: firefox plugin security hole

Next Firefox version is supposed to have improved support against phishing and fake sites that make these exploits still possible.

Offline

#4 2005-03-01 23:37:59

JGC
Developer
Registered: 2003-12-03
Posts: 1,664

Re: firefox plugin security hole

compiling 1.0.1 now, hope to have it in the repositories tomorrow (no, I don't have access to it :X)

Offline

#5 2005-03-02 00:54:46

skoal
Member
From: Frequent Flyer Underworld
Registered: 2004-03-23
Posts: 612
Website

Re: firefox plugin security hole

This information is good to know, but I think I share i3839's sentiments.  Hell, I seem to wipe my computer clean every 3 months anway.  If you want to hack my box, just "pm" me and I'll give you my IP and root password.  No point in making things difficult for either of us...

Offline

#6 2005-03-02 01:03:09

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: firefox plugin security hole

skoal wrote:

If you want to hack my box, just "pm" me and I'll give you my IP and root password.  No point in making things difficult for either of us...

:?:
With a name like skoal, I was surprised your root password is "LEVI#garrett"
wink


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#7 2005-03-03 01:28:23

skoal
Member
From: Frequent Flyer Underworld
Registered: 2004-03-23
Posts: 612
Website

Re: firefox plugin security hole

cactus wrote:

With a name like skoal, I was surprised your root password is "LEVI#garrett"

Yeah, you got me.  However, I typed "w -f" last nite and saw you rooting my machine.  By the way, those videos on my `/home/vids` partition aren't mine.  I got those from Phrakture's box awhile back when I rooted him. 

The best thing about you rooting my machine is...I got your IP now sucker...

muahahhah...
muahahahahaaha...

damn, here I go again...

Offline

#8 2005-03-03 01:30:32

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: firefox plugin security hole

wink
We don't just have webs of trust, we have roots of trust.


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#9 2005-03-03 01:37:15

skoal
Member
From: Frequent Flyer Underworld
Registered: 2004-03-23
Posts: 612
Website

Re: firefox plugin security hole

cactus wrote:

wink
We don't just have webs of trust, we have roots of trust.

Yes, indeed.  Great concept too.  Cactus and Skoal = shared root access = parallel computing distributed system.  I just noticed my CPU usage jump to 98% use...lay off my "mp3"s homey...

Offline

#10 2005-03-03 02:03:42

Dusty
Schwag Merchant
From: Medicine Hat, Alberta, Canada
Registered: 2004-01-18
Posts: 5,986
Website

Re: firefox plugin security hole

Like me, you guys have too much time on your hands.

Offline

#11 2005-03-03 02:24:16

skoal
Member
From: Frequent Flyer Underworld
Registered: 2004-03-23
Posts: 612
Website

Re: firefox plugin security hole

Dusty wrote:

Like me, you guys have too much time on your hands.

Yeah, I'm knocking off a few "cold ones" anyway for the next hour or so...

I've earned it...been in the office for 12 hours.  Plus, television sux and I got this wireless keyboard on my lap with a 5 Mbit pipe to the internet.  What would you do?

Offline

#12 2005-03-03 03:50:22

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: firefox plugin security hole

skoal wrote:

I've earned it...been in the office for 12 hours.  Plus, television sux and I got this wireless keyboard on my lap with a 5 Mbit pipe to the internet.  What would you do?

Well, I couldn't do it with a keyboard on my lap, I can tell you that much..


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#13 2005-03-03 06:54:41

skoal
Member
From: Frequent Flyer Underworld
Registered: 2004-03-23
Posts: 612
Website

Re: firefox plugin security hole

cactus wrote:

Well, I couldn't do it with a keyboard on my lap, I can tell you that much..

That hasn't stopped me before...

You're talking about getting up from the chair and grabbing another "cold one" from the fridge, right?

muahahha...

Offline

Board footer

Powered by FluxBB