Comments on: Spoofing Firefox protected objects http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/ A tool for designers dealing with programmers dealing with designers... Fri, 25 Jul 2008 14:22:28 +0000 http://wordpress.org/?v=2.5.1 By: Gareth Heyes http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-839 Gareth Heyes Thu, 15 Nov 2007 13:19:01 +0000 http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-839 DOS is fun :D WebFu self defence ;) DOS is fun :D WebFu self defence ;)

]]> By: 排 尾 DaCat http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-838 排 尾 DaCat Thu, 15 Nov 2007 12:50:43 +0000 http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-838 Ah yeah, I was talking about S.O.P. but other things can still be an issue.. like exploiting some addons, or DoS attacks, or I dunno hehe :P Ah yeah, I was talking about S.O.P. but other things can still be an issue.. like exploiting some addons, or DoS attacks, or I dunno hehe :P

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-834 Gareth Heyes Thu, 15 Nov 2007 09:20:19 +0000 http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-834 Same origin policy might not be affected but it's still a issue because you can spoof any object for that session. I've already released a DOS attack based on these issues:- http://www.thespanner.co.uk/2007/11/14/firefox-history-dos-attack/ Same origin policy might not be affected but it’s still a issue because you can spoof any object for that session. I’ve already released a DOS attack based on these issues:-
http://www.thespanner.co.uk/2007/11/14/firefox-history-dos-attack/

]]> By: 排 尾 DaCat http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-833 排 尾 DaCat Thu, 15 Nov 2007 01:56:02 +0000 http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-833 The reason this is not an issue, is because firefox has 2 window objects, an internal window, and an external window.. the external window is modifiable, and the internal window is not, so when you modify document.domain rewriting prototypes and stuff at the external window, the internal window wont be changed.. Greetz!! The reason this is not an issue, is because firefox has 2 window objects, an internal window, and an external window.. the external window is modifiable, and the internal window is not, so when you modify document.domain rewriting prototypes and stuff at the external window, the internal window wont be changed..

Greetz!!

]]> By: Brandon Eisenmann http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-832 Brandon Eisenmann Wed, 14 Nov 2007 22:15:47 +0000 http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-832 Overwriting the getter/setter for the location object was fixed in 2002. Based on the bug discussion I'm not surprised they didn't get around to protecting other objects. https://bugzilla.mozilla.org/show_bug.cgi?id=143369 Overwriting the getter/setter for the location object was fixed in 2002. Based on the bug discussion I’m not surprised they didn’t get around to protecting other objects.

https://bugzilla.mozilla.org/show_bug.cgi?id=143369

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-829 Gareth Heyes Wed, 14 Nov 2007 20:22:23 +0000 http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-829 It's ok I know how to fix it, it's the template I've used but I prefer hacking Firefox than fixing CSS :) It’s ok I know how to fix it, it’s the template I’ve used but I prefer hacking Firefox than fixing CSS :)

]]> By: thorin http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-828 thorin Wed, 14 Nov 2007 20:14:02 +0000 http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-828 Sorry I didn't mean to make more work for you. I was hoping there'd be an easy fix for it. (It's not like yours is the only blog with this issue). Both of these have the same problem: http://myappsecurity.blogspot.com/ http://blogs.msdn.com/hackers/archive/2007/11/12/first-line-of-defense-for-web-applications-part-4.aspx Sorry I didn’t mean to make more work for you. I was hoping there’d be an easy fix for it. (It’s not like yours is the only blog with this issue).

Both of these have the same problem:
http://myappsecurity.blogspot.com/
http://blogs.msdn.com/hackers/archive/2007/11/12/first-line-of-defense-for-web-applications-part-4.aspx

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-827 Gareth Heyes Wed, 14 Nov 2007 18:27:17 +0000 http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-827 Yeah point taken Thorin, I've wrapped the code in the article. If I can be bothered I'll fix the css. Yeah point taken Thorin, I’ve wrapped the code in the article. If I can be bothered I’ll fix the css.

]]> By: thorin http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-826 thorin Wed, 14 Nov 2007 18:08:15 +0000 http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-826 When you post code is there a way to word wrap it @ the size of your blog article column width. Things often extend off the right side where they're unreadable. When you post code is there a way to word wrap it @ the size of your blog article column width. Things often extend off the right side where they’re unreadable.

]]> By: Nathan McFeters http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-825 Nathan McFeters Wed, 14 Nov 2007 17:37:53 +0000 http://www.thespanner.co.uk/2007/11/14/spoofing-firefox-protected-objects/#comment-825 Holy Crap... that's really bad. Awesome find! Holy Crap… that’s really bad. Awesome find!

]]>