Apple's Safari 4 also fixes cross-domain XML theft
Safari 4 also fixes an interesting cross-domain XML theft. Full technical details live here:
http://scary.beasts.org/security/CESA-2009-008.html
XML theft can include highly sensitive data thanks to things like XHTML, AJAX-y RPCs using XML and authenticated RSS feeds. The example I have steals XML representing a logged-in Gmail user's inbox:
Safari 3 demo for users logged in to Gmail
I think there's a lot more room for browser-based cross-domain leaks (sometimes called UXSS or universal XSS). This is because the pace of new browser features is very high, and lots more functionality is being added that involves reference by URI. Every such addition is a possible vector for a missing or incorrect (e.g. 302 redirect tricks) cross-domain check; or even an ill-advised specification-based cross-domain leak.
This is one of the serious Safari bugs demoed but not disclosed at my PacSec and presentations.
andry- Moderator