[Full-disclosure] New flaw found in Firefox 18.104.22.168: Firefox file input focus vulnerabilities
lcamtuf at dione.ids.pl
Sat Jun 30 22:03:29 BST 2007
On Sat, 30 Jun 2007, carl hardwick wrote:
> The vulnerability allows the attacker to silently redirect focus of
> selected key press events to an otherwise protected file upload form
> field. This is possible because of how onKeyDown event is handled,
> allowing the focus to be moved between the two. This enables the
> attacker to read arbitrary files on victim's system.
Hey, that's a copy&paste from my post! ;-)
Full-Disclosure is hosted and sponsored by Secunia.