Mozilla Foundation Security Advisory 2008-02

Multiple file input focus stealing vulnerabilities

Announced

February 7, 2008

Reporter

hong, Gregory Fleischer

Impact

Moderate

Products

Firefox, SeaMonkey

Fixed in

Firefox 2.0.0.12
SeaMonkey 1.1.8

Description

Security researchers hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls. Their variants used file input controls nested inside <label> tags to take advantage of automatic focus shifting into the file input field noted on the Hacker WebZine. As with the earlier reported issues this issue could be used to force a user to upload arbitrary files assuming the attacker knows the full path and name of the file.

These bugs are variations on earlier problems reported by Charles McAuley and Michal Zalewski which were fixed in Firefox 2.0.0.4, as well as an issue reported by hong which was fixed in Firefox 2.0.0.8.

Gregory Fleischer also submitted several other variations of the same problem.

References

Focus shifting bugs
https://bugzilla.mozilla.org/show_bug.cgi?id=413135
(proofs-of-concept details embargoed)
CVE-2008-0414

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2008-02

Multiple file input focus stealing vulnerabilities

Description

References