InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

CoolPreviews Vulnerability

https://forums.informaction.com/viewtopic.php?t=4675

Page 1 of 1

CoolPreviews Vulnerability

Posted: Wed Jul 14, 2010 4:48 am
by Alan Baxter
http://blog.mozilla.com/addons/2010/07/ ... ouncement/
Add-on security vulnerability announcement
One malicious add-on and another add-on with a serious security vulnerability were discovered recently on the Mozilla Add-ons site. Both issues have been dealt with, and the details are described below....
Mozilla Sniffer ...
CoolPreviews ...
The blog describes the vulnerability in CoolPreview as
A security escalation vulnerability was discovered in version 3.0.1 of the CoolPreviews add-on. The vulnerability can be triggered using a specially crafted hyperlink. If the user hovers the cursor over this link, the preview function executes remote JavaScript code with local chrome privileges, giving the attacking script control over the host computer.
Would NoScript block "the remote JavaScript code" attempting to run "with local chrome privileges"?

Re: CoolPreviews Vulnerability

Posted: Wed Jul 14, 2010 7:44 am
by Giorgio Maone
Alan Baxter wrote:Would NoScript block "the remote JavaScript code" attempting to run "with local chrome privileges"?
Nope. As far as I can tell, the vulnerable Cooliris Preview version takes it from the link and injects it in chrome context. Therefore NoScript has no chance to tell it came from an untrusted web page.

Re: CoolPreviews Vulnerability

Posted: Wed Jul 14, 2010 2:22 pm
by Alan Baxter
Thanks for the info, Giorgio. I don't use CoolPreviews and was just curious, but the info may be useful to any NoScript user who may have used it.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited