[Full-disclosure] New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities
Michal Zalewski
lcamtuf at dione.ids.pl
Mon Jul 2 10:15:06 BST 2007
On Mon, 2 Jul 2007, Joseph Hick wrote:
> I succeeded in writing the same PoC without label with minor
> modifications.
Would that allow you to selectively redirect keystrokes (that is, check
event's keycode)? More importantly, does Carl's original example allow
that?:-)
An example of event check logic is implemented in my original POC; if you
can't redirect selectively (that is, prevent certain events from being
delivered to INPUT TYPE=FILE field), the flaw is much less severe.
(Would check that, but am at work).
/mz
Full-Disclosure is hosted and sponsored by Secunia.