A new Firefox vulnerability is caused by a design flaw in the focus handling of form fields. It can be exploited by changing the focus from a "textarea" field to a "file upload" form field using the "OnKeyDown" event. This allows an arbitrary file on the victim's system to be uploaded to a malicious web site. The upload requires the victim to type the file name into a "textarea" input form. Vulnerable versions of Firefox include 1.5.0.12 (all platforms) and 2.0.0.4 (all platforms). The current workaround is to disable JavaScript support and avoid entering file names into form fields on untrusted web sites.
References:
Secunia
http://secunia.com/advisories/25904
National Vulnerability Database
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
Posted by Kitch Spicer on July 05, 2007, in Handlers Log.