Multiple vulnerabilities in Flock Browser 3.0.0.3989 (updated)

9 views
Skip to first unread message

Lostmon lords

unread,
Mar 11, 2011, 5:38:09 PM3/11/11
to los...@googlegroups.com, moder...@osvdb.org
#########################################
Multiple vulnerabilities in Flock Browser 3.0.0.3989
Vendor URL: http://beta.flock.com/
Vendor Advisores: http://www.flock.com/security/
Advisore:http://lostmon.blogspot.com/2011/03/multiple-vulnerabilities-in-flock.html
Vendor notify:YES exploits availables:YES
#########################################

Some stuff that i don't have published before , because i don't have
time , i'm studing and i need time to read books and study.

Flock is faster, simpler, and more friendly. Literally. It's the only
sleek, modern web browser with the built-in ability to keep you
up-to-date with your Facebook and Twitter friends. This browser
version (3.0.0.3989) is based in a old chromium project (5.0.375.75)
and has multiple bugs imported from chrome and his owns bugs :)
I have contributed in secure Flock browser, i have tested version with
google chrome base.
I have do a list with all issues that i found and Flock Team has
release some advisores about it time after.

###############
TODO LIST / Bugs
###############

1. Inspector window attributes script injection chrome bug 31590
2. XSS in search engine in chrome://history/ chrome bug 13760( not
exploitable from remote attackers ) (chrome://history/#q="><iframe
src=javascript:alert(1)>&p=0)
3. XSS in search box in favorites page (
chrome-extension://flock_people/favorites.html#p=1&v=all&o=0&s=title)(not
explotable from remote attackers)
4. XSS in search engine extension when paste in url
(chrome-extension://flock_people/search.html)( persistent xss)(not
exploiable from remote attackers)
5. XSS in social extension when try to login in facebook or twiter
or youtube (not exploitable from remote attackers)
6. XSS in rss vienwer in search box
chrome-extension://flock_people/feed_viewer.html?http://path_to_rss (
not exploitable from remote attackers)
7. XSS in rss viewner when render xml from remote host if the
entry has html it is executed when view the news across flock rss
viewner(exploitable via remote sites) (see for example my feed =>
chrome-extension://flock_people/feed_viewer.html?http://lostmon.blogspot.com/atom.xml)
and them if you type in search box for example " or < it executes
again the xss stored in xml file :)
8. window.open() Method Javascript Same-Origin Policy Violation
chrome bug 30660
9. url with a leading NULL byte can bypass cross origin protection
Chrome bug 37383

###########################
Advisores from Flock developers
###########################
FLOCK-SA-2010-04

Title: window.open() Method Javascript Same-Origin Policy Violation (XSS)
Impact: High
Announced on: 2010-09-09
Affected Products: Flock 3 versions prior to 3.0.0.4094
CVEs (cve.mitre.org): CVE-2010-0661
Details:
WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before
r52401, as used in Google Chrome before 4.0.249.78, allows remote
attackers to bypass the Same Origin Policy via vectors involving the
window.open method.

Credit to Tokuji Akamine, Senior Consultant at Symantec Consulting
Services (for Chromium) and Lostmon Lords (for Flock).
References: https://bugs.webkit.org/show_bug.cgi?id=32647
http://code.google.com/p/chromium/issues/detail?id=30660

FLOCK-SA-2010-03

Title: javascript: url with a leading NULL byte can bypass cross
origin protection (XSS)
Impact: High
Announced on: 2010-09-09
Affected Products: Flock 3 versions prior to 3.0.0.4112
CVEs (cve.mitre.org): CVE-2010-1236

Details:
A javascript: url with a leading NULL byte can bypass cross origin protection,
which has unspecified impact and remote attack vectors.

Credit to kuzzcc (for Chromium) and Lostmon Lords (for Flock).
References: https://bugs.webkit.org/show_bug.cgi?id=35948
http://code.google.com/p/chromium/issues/detail?id=37383

FLOCK-SA-2010-02

Title: A malicious RSS feed can bypass cross origin protection (XSS)
Impact: High
Announced on: 2010-09-09
Affected Products: Flock 3 versions prior to 3.0.0.4114
CVEs (cve.mitre.org): CVE-2010-3262

Details:
A malicious RSS feed containg HTML when viewed can bypass cross-origin
protection,
which has unspecified impact and remote attack vectors.
Credit to Lostmon Lords.

FLOCK-SA-2010-01

Title: A malformed favourite can bypass cross origin protection (XSS)
Impact: Moderate
Announced on: 2010-09-09
Affected Products: Flock 3 versions prior to 3.0.0.4094
CVEs (cve.mitre.org): CVE-2010-3202
Details:
A malformed favourite imported from an HTML file, imported from another browser,
or manually created can bypass cross-origin protection, which has
unspecified impact
and attack vectors.
Credit to Lostmon Lords.
References: http://www.securityfocus.com/archive/1/513214
################################################

Atentamente:
Lostmon (los...@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....

Reply all
Reply to author
Forward
0 new messages