Firefox just released it’s latest version, 1.5.0.4, which aims to fix a number of issues including a few with XSS relevance:

1. MFSA 2006-43 Privilege escalation using addSelectionListener
2. MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
3. MFSA 2006-41 File stealing by changing input type (variant)
4. MFSA 2006-39 “View Image” local resource linking (Windows)
5. MFSA 2006-38 Buffer overflow in crypto.signText()
6. MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
7. MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
8. MFSA 2006-35 Privilege escalation through XUL persist
9. MFSA 2006-34 XSS viewing javascript: frames or images from context menu
10. MFSA 2006-33 HTTP response smuggling
11. MFSA 2006-32 Fixes for crashes with potential memory corruption
12. MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)

The BOM in UTF-8 is fairly interesting, and I’m kicking myself for not finding it first, but since it is such a high order character I never got around to it with my fuzzer. Alas! Well congrats to Masatoshi Kimura for finding it first.

This entry was posted on Friday, June 2nd, 2006 at 3:54 pm and is filed under XSS, Webappsec. You can leave a response as well.