Comments on: Moz-binding XSS fun http://www.thespanner.co.uk/2008/02/04/moz-binding-xss-fun/ Javascript blog with messed up syntax inside Thu, 26 Jan 2012 01:38:34 +0000 hourly 1 By: Vinicius K-Max http://www.thespanner.co.uk/2008/02/04/moz-binding-xss-fun/#comment-1121 Vinicius K-Max Wed, 06 Feb 2008 01:57:21 +0000 http://www.thespanner.co.uk/2008/02/04/moz-binding-xss-fun/#comment-1121 awesome! :) awesome! :)

]]> By: Gareth Heyes http://www.thespanner.co.uk/2008/02/04/moz-binding-xss-fun/#comment-1119 Gareth Heyes Tue, 05 Feb 2008 09:26:43 +0000 http://www.thespanner.co.uk/2008/02/04/moz-binding-xss-fun/#comment-1119 @riahmatic Yep that's the expected behavior but FF2 seems to read the entities first and decode them but for some reason only takes into account the first few characters (maybe because it's in a style). I've not looked at FF3 yet much but I'm sure to have plenty of fun when I do :) If FF3 does enforce SOP on moz-binding then that's a good thing but I've not seen it mentioned anywhere. @riahmatic

Yep that’s the expected behavior but FF2 seems to read the entities first and decode them but for some reason only takes into account the first few characters (maybe because it’s in a style).

I’ve not looked at FF3 yet much but I’m sure to have plenty of fun when I do :) If FF3 does enforce SOP on moz-binding then that’s a good thing but I’ve not seen it mentioned anywhere.

]]> By: riahmatic http://www.thespanner.co.uk/2008/02/04/moz-binding-xss-fun/#comment-1118 riahmatic Tue, 05 Feb 2008 04:07:31 +0000 http://www.thespanner.co.uk/2008/02/04/moz-binding-xss-fun/#comment-1118 error console in FF3: Warning: Unknown property '尭屭屯屺尭屢屩屮層屩屮屧'. Declaration dropped. Though I think FF3 enforces SOP on -moz-binding now anyway, right? error console in FF3:
Warning: Unknown property ‘尭屭屯屺尭屢屩屮層屩屮屧’. Declaration dropped.

Though I think FF3 enforces SOP on -moz-binding now anyway, right?

]]> By: Gareth Heyes http://www.thespanner.co.uk/2008/02/04/moz-binding-xss-fun/#comment-1116 Gareth Heyes Mon, 04 Feb 2008 15:24:18 +0000 http://www.thespanner.co.uk/2008/02/04/moz-binding-xss-fun/#comment-1116 Another thing I forgot to mention is that noscript silently disables moz-binding, so you have to disable noscript to test the vector. Another thing I forgot to mention is that noscript silently disables moz-binding, so you have to disable noscript to test the vector.

]]> By: Gareth Heyes http://www.thespanner.co.uk/2008/02/04/moz-binding-xss-fun/#comment-1115 Gareth Heyes Mon, 04 Feb 2008 15:21:08 +0000 http://www.thespanner.co.uk/2008/02/04/moz-binding-xss-fun/#comment-1115 Yep only tested in Firefox 2, although other tricks may be possible with FF3, I might have a go at that some other time :) Yep only tested in Firefox 2, although other tricks may be possible with FF3, I might have a go at that some other time :)

]]> By: pdp http://www.thespanner.co.uk/2008/02/04/moz-binding-xss-fun/#comment-1114 pdp Mon, 04 Feb 2008 14:55:16 +0000 http://www.thespanner.co.uk/2008/02/04/moz-binding-xss-fun/#comment-1114 interesting, I quickly checked the method in Firefox 3 and it doesn't seem to work. I haven't checked it in Firefox 2 though. interesting, I quickly checked the method in Firefox 3 and it doesn’t seem to work. I haven’t checked it in Firefox 2 though.

]]>