Multiple file input focus stealing vulnerabilities
- February 7, 2008
- hong, Gregory Fleischer
- Firefox, SeaMonkey
- Fixed in
- Firefox 184.108.40.206
- SeaMonkey 1.1.8
Security researchers hong and Gregory
Fleischer each reported a variant on earlier reported bugs
regarding focus shifting in file input controls. Their variants
used file input controls nested inside
to take advantage of automatic focus shifting into the file input field
noted on the Hacker WebZine. As with the earlier reported issues
this issue could be used to force a user to upload arbitrary files
assuming the attacker knows the full path and name of the file.
These bugs are variations on earlier problems reported by Charles McAuley and Michal Zalewski which were fixed in Firefox 220.127.116.11, as well as an issue reported by hong which was fixed in Firefox 18.104.22.168.
Gregory Fleischer also submitted several other variations of the same problem.
- Focus shifting bugs
(proofs-of-concept details embargoed)