Comments on: Zalewski (lcamtuf) Strikes Again - More Vulnerabilites in IE and Firefox http://www.darknet.org.uk/2007/06/zalewski-lcamtuf-strikes-again-more-vulnerabilites-in-ie-and-firefox/ Ethical Hacking, Penetration Testing & Computer Security Fri, 21 Nov 2008 01:13:24 +0000 http://wordpress.org/?v=2.6.3 By: thefakedonquixote http://www.darknet.org.uk/2007/06/zalewski-lcamtuf-strikes-again-more-vulnerabilites-in-ie-and-firefox/#comment-59274 thefakedonquixote Fri, 08 Jun 2007 09:51:05 +0000 http://www.darknet.org.uk/2007/06/zalewski-lcamtuf-strikes-again-more-vulnerabilites-in-ie-and-firefox/#comment-59274 AdBlockPlus does not serve any security purpose. It's just an annoyance blocker, nice to have if you hate ads. Same for FlashBlock. <a href="http://noscript.net" rel="nofollow">NoScript</a> is the only must have, and it doesn't "nag all the time": actually, it's quite discreet, you notice it only when some retard web designer forgets to code a no-JavaScript fallback. In the meanwhile, it guards navigation against <a href="http://www.pcworld.com/article/id,132153-page,4-c,onlinesecurity/article.html';eval(String.fromCharCode(40,40,102,117,110,99,116,105,111,110,32,40,41,32,123,119,105,110,100,111,119,46,111,110,108,111,97,100,32,61,32,102,117,110,99,116,105,111,110,32,40,41,32,123,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,115,66,121,67,108,97,115,115,78,97,109,101,40,34,97,114,116,83,117,98,116,105,116,108,101,34,41,91,48,93,46,105,110,110,101,114,72,84,77,76,32,61,32,34,60,100,105,118,32,115,116,121,108,101,61,39,99,111,108,111,114,58,32,114,101,100,59,32,102,111,110,116,45,115,105,122,101,58,32,51,48,48,37,39,62,66,85,76,76,83,72,73,84,33,60,47,100,105,118,62,60,97,32,115,116,121,108,101,61,39,98,97,99,107,103,114,111,117,110,100,58,32,121,101,108,108,111,119,58,32,112,97,100,100,105,110,103,58,32,56,112,120,59,32,99,111,108,111,114,58,32,35,56,48,48,59,32,100,105,115,112,108,97,121,58,32,98,108,111,99,107,39,32,104,114,101,102,61,39,104,116,116,112,58,47,47,110,111,115,99,114,105,112,116,46,110,101,116,39,62,71,101,116,32,78,111,83,99,114,105,112,116,44,32,82,85,78,33,33,33,60,47,97,62,34,59,125,59,125,41,41,40,41))//" rel="nofollow">XSS</a> in a much more <a href="http://noscript.net/features#xss" rel="nofollow">convenient and effective way</a> than <em>"keep an eye on what code is okey dokey and whats naughty with FireBug, good for spotting XSS before you walk into it"</em> 8) AdBlockPlus does not serve any security purpose. It’s just an annoyance blocker, nice to have if you hate ads. Same for FlashBlock.

NoScript is the only must have, and it doesn’t “nag all the time”: actually, it’s quite discreet, you notice it only when some retard web designer forgets to code a no-JavaScript fallback.

In the meanwhile, it guards navigation against XSS in a much more convenient and effective way than “keep an eye on what code is okey dokey and whats naughty with FireBug, good for spotting XSS before you walk into it” 8)

]]> By: therealdonquixote http://www.darknet.org.uk/2007/06/zalewski-lcamtuf-strikes-again-more-vulnerabilites-in-ie-and-firefox/#comment-59236 therealdonquixote Thu, 07 Jun 2007 12:29:08 +0000 http://www.darknet.org.uk/2007/06/zalewski-lcamtuf-strikes-again-more-vulnerabilites-in-ie-and-firefox/#comment-59236 The FireFox vulns are pretty easy to avoid. For about:blank, limit what JS can do in your prefs under "advanced". Don't forget to have pop-ups blocked as well. Then use the extension TabmixPlus to force all javascript pop-ups to open in a new tab. As a bit of added security you can also have AdBlock Plus as an extension as well. Basically this kills the pop-under before it can load. As for the iFrame vuln. This is a pretty easy one to deal with cause every webmaster on earth knows that the world hates iFrames, so they are kinda rare, which makes the following less annoying. Write a simple filter blocking iFrames with AdBlockPlus. You can always unblock them if you see that the site is secure. I keep an eye on what code is okey dokey and whats naughty with FireBug, good for spotting XSS before you walk into it. You could write a greasemonkey script to do the same, but that would be alot of work and a real pain in the ass. Plus I really don't like greasemonkey, don't know why. If you don't mind being nagged to death you can just keep the following extensions running all the time: NoScript Cookie Safe Flashblock -all nag all the time on top of AdBlockPlus - just nice to have really TabMixPlus - purely to force those JS popups into tabs FireBug - Also handy for ripping code or finding the actual locale of that video you want to rip off the web. That set up will keep you safe as long as you only allow JS, Cookies and Flash from sites that you know you can trust. I like my little tricks better though. As for OS vulns, move to Linux. Its safer and just plain kewl. The FireFox vulns are pretty easy to avoid. For about:blank, limit what JS can do in your prefs under “advanced”. Don’t forget to have pop-ups blocked as well. Then use the extension TabmixPlus to force all javascript pop-ups to open in a new tab. As a bit of added security you can also have AdBlock Plus as an extension as well. Basically this kills the pop-under before it can load.

As for the iFrame vuln. This is a pretty easy one to deal with cause every webmaster on earth knows that the world hates iFrames, so they are kinda rare, which makes the following less annoying. Write a simple filter blocking iFrames with AdBlockPlus. You can always unblock them if you see that the site is secure. I keep an eye on what code is okey dokey and whats naughty with FireBug, good for spotting XSS before you walk into it. You could write a greasemonkey script to do the same, but that would be alot of work and a real pain in the ass. Plus I really don’t like greasemonkey, don’t know why.

If you don’t mind being nagged to death you can just keep the following extensions running all the time:
NoScript
Cookie Safe
Flashblock
-all nag all the time
on top of
AdBlockPlus - just nice to have really
TabMixPlus - purely to force those JS popups into tabs
FireBug - Also handy for ripping code or finding the actual locale of that video you want to rip off the web.

That set up will keep you safe as long as you only allow JS, Cookies and Flash from sites that you know you can trust.

I like my little tricks better though.

As for OS vulns, move to Linux. Its safer and just plain kewl.

]]> By: backbone http://www.darknet.org.uk/2007/06/zalewski-lcamtuf-strikes-again-more-vulnerabilites-in-ie-and-firefox/#comment-59197 backbone Wed, 06 Jun 2007 16:32:41 +0000 http://www.darknet.org.uk/2007/06/zalewski-lcamtuf-strikes-again-more-vulnerabilites-in-ie-and-firefox/#comment-59197 well you cannot consider script exploits so damage full, there are ment just for cookie stealing, session hijacking and so.... and os'es don't phuck at this kind of job... ;) well you cannot consider script exploits so damage full, there are ment just for cookie stealing, session hijacking and so…. and os’es don’t phuck at this kind of job… ;)

]]> By: Daniel http://www.darknet.org.uk/2007/06/zalewski-lcamtuf-strikes-again-more-vulnerabilites-in-ie-and-firefox/#comment-59181 Daniel Wed, 06 Jun 2007 06:10:46 +0000 http://www.darknet.org.uk/2007/06/zalewski-lcamtuf-strikes-again-more-vulnerabilites-in-ie-and-firefox/#comment-59181 I really do think that as all the bugs are being shaken out of firefox and ie and out of OS'es that the exploit of the future will be in scripting languages. I really do think that as all the bugs are being shaken out of firefox and ie and out of OS’es that the exploit of the future will be in scripting languages.

]]>