Wednesday, October 20, 2010

Some Bug Reports | いくつかの脆弱性報告

Recently some bugs I found in browsers and a flash player have had their advisories released. The first is a bug in Camtasia that allows for XSS because they allow remote inclusion of configuration files. Inside of the configuration files you can specify a javascript:... URL inside of an XML Element. This javascript URL is executed after the movie has finished playing.

The other bug was one I found while working on WBTS. It's a bug in version 10.62 of Opera's browser. This allowed for CSS and potentially other data to be accessed cross origin. This bug was due to a problem with redirects and reading in the remote files cssRules. I said it in my WBTS talk and I'll say it again, redirects are a common source of browser bugs!

最近、ベンダーさんは僕が見つけた脆弱性情報を発表した。ひとつのバッグはCamtasiaというフラッシュ映画の作れるソフトにXSS攻撃が可能だった。 そのソフトはフラッシュ映画にリモート(他のサーバー)からXML設定ファイルを挿入できる。設定ファイルの中にXML要素で「javascript:」のURLを指定し、映画が終わったらフラッシュによってブラウザはこのURLをアクセスする。


No comments: