Multiple vulnerabilities in Flock Browser 3.0.0.3989
Vendor URL: http://beta.flock.com/
Vendor Advisores: http://www.flock.com/security/
Advisore:http://lostmon.blogspot.com/2011/03/multiple-vulnerabilities-in-flock.html
Vendor notify:YES exploits availables:YES
#########################################
Some stuff that i don't have published before , because i don't have time , i'm studing and i need time to read books and study.
Flock is faster, simpler, and more friendly. Literally. It's the only sleek, modern web browser with the built-in ability to keep you up-to-date with your Facebook and Twitter friends. This browser version (3.0.0.3989) is based in a old chromium project (5.0.375.75) and has multiple bugs imported from chrome and his owns bugs :)
I have contributed in secure Flock browser, i have tested version with google chrome base.
I have do a list with all issues that i found and Flock Team has release some advisores about it time after.
###############
TODO LIST / Bugs
###############
- Inspector window attributes script injection chrome bug 31590
- XSS in search engine in chrome://history/ chrome bug 13760( not exploitable from remote attackers ) (chrome://history/#q="><iframe src=javascript:alert(1)>&p=0)
- XSS in search box in favorites page ( chrome-extension://flock_people/favorites.html#p=1&v=all&o=0&s=title)(not explotable from remote attackers)
- XSS in search engine extension when paste in url (chrome-extension://flock_people/search.html)( persistent xss)(not exploiable from remote attackers)
- XSS in social extension when try to login in facebook or twiter or youtube (not exploitable from remote attackers)
- XSS in rss vienwer in search box chrome-extension://flock_people/feed_viewer.html?http://path_to_rss ( not exploitable from remote attackers)
- XSS in rss viewner when render xml from remote host if the entry has html it is executed when view the news across flock rss viewner(exploitable via remote sites) (see for example my feed => chrome-extension://flock_people/feed_viewer.html?http://lostmon.blogspot.com/atom.xml) and them if you type in search box for example " or < it executes again the xss stored in xml file :)
- window.open() Method Javascript Same-Origin Policy Violation chrome bug 30660
- url with a leading NULL byte can bypass cross origin protection Chrome bug 37383
###########################
Advisores from Flock developers
###########################
FLOCK-SA-2010-04
Title: window.open() Method Javascript Same-Origin Policy Violation (XSS)
Impact: High
Announced on: 2010-09-09
Affected Products: Flock 3 versions prior to 3.0.0.4094
CVEs (cve.mitre.org): CVE-2010-0661
Details:
WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.
Credit to Tokuji Akamine, Senior Consultant at Symantec Consulting Services (for Chromium) and Lostmon Lords (for Flock).
References: https://bugs.webkit.org/show_bug.cgi?id=32647
http://code.google.com/p/chromium/issues/detail?id=30660
FLOCK-SA-2010-03
Title: javascript: url with a leading NULL byte can bypass cross origin protection (XSS)
Impact: High
Announced on: 2010-09-09
Affected Products: Flock 3 versions prior to 3.0.0.4112
CVEs (cve.mitre.org): CVE-2010-1236
Details:
A javascript: url with a leading NULL byte can bypass cross origin protection,
which has unspecified impact and remote attack vectors.
Credit to kuzzcc (for Chromium) and Lostmon Lords (for Flock).
References: https://bugs.webkit.org/show_bug.cgi?id=35948
http://code.google.com/p/chromium/issues/detail?id=37383
FLOCK-SA-2010-02
Title: A malicious RSS feed can bypass cross origin protection (XSS)
Impact: High
Announced on: 2010-09-09
Affected Products: Flock 3 versions prior to 3.0.0.4114
CVEs (cve.mitre.org): CVE-2010-3262
Details:
A malicious RSS feed containg HTML when viewed can bypass cross-origin protection,
which has unspecified impact and remote attack vectors.
Credit to Lostmon Lords.
FLOCK-SA-2010-01
Title: A malformed favourite can bypass cross origin protection (XSS)
Impact: Moderate
Announced on: 2010-09-09
Affected Products: Flock 3 versions prior to 3.0.0.4094
CVEs (cve.mitre.org): CVE-2010-3202
Details:
A malformed favourite imported from an HTML file, imported from another browser,
or manually created can bypass cross-origin protection, which has unspecified impact
and attack vectors.
Credit to Lostmon Lords.
References: http://www.securityfocus.com/archive/1/513214
################################################
Atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....