Skip to main content

Posts

Showing posts with the label avant browser

Avant Browser - Stored Cross Site Scripting - Feed Reader (browser://localhost/lst?*)

Details Vendor Site: Avant browser ( www.avantbrowser.com ) Date: December, 5 2012 – CVE (TBA) Affected Software: Avant Browser Ultimate 2012 Build 28 and potentially previous versions Status: Unpatched Researcher: Roberto Suggi Liverani -  @malerisch PDF version:  Avant_multiple_vulnerabilities_advisory.pdf Stored Cross Site Scripting - Feed Reader (browser://localhost/lst?*) A malicious user can inject and store arbitrary JavaScript/HTML code via multiple RSS feed elements. Vulnerable elements are the following: <title>  element: JavaScript injection using HTML encoded payload <link>  element: JavaScript injection using javascript: pseudouri ( this is rendered in about:blank zone.) <description>  element: JavaScript injection using HTML encoded payload The following table shows an example of malicious RSS feed: <?xml version='1.0' encoding="ISO-8859-1"?> <rss version='2.0'> <channel> <des
Read more

Avant Browser - Cross Context Scripting - browser:home - Most Visited And History Tabs

Details Vendor Site: Avant browser ( www.avantbrowser.com ) Date: December, 5 2012 – CVE (TBA) Affected Software: Avant Browser Ultimate 2012 Build 27 and potentially previous versions Status: Unpatched Researcher: Roberto Suggi Liverani -  @malerisch PDF version:  Avant_multiple_vulnerabilities_advisory.pdf Cross Context Scripting – browser:home – Most Visited And History Tabs A malicious user can inject arbitrary JavaScript/HTML code through the websites visited with the Avant Browser. The code injection is rendered into the both the Most Visited and History tabs within the browser:home page,  which displays URL and the title of the page. A malicious user can inject and store JavaScript/HTML content by using the <title> HTML element, as shown in the table below: <title>aaa"><img src=a onerror='var vstr = {value: ""};window.navigator.AFRunCommand(60003, vstr);alert(vstr.value);'></title> Injected payload is render
Read more

Avant Browser - Same of Origin Policy Bypass - browser:home

Details Vendor Site: Avant browser ( www.avantbrowser.com ) Date: December, 5 2012 – CVE (TBA) Affected Software: Avant Browser Ultimate 2012 Build 28 and potentially previous versions Status: Unpatched Researcher: Roberto Suggi Liverani -  @malerisch PDF version: Avant_multiple_vulnerabilities_advisory.pdf Same of Origin Policy Bypass A malicious user can execute arbitrary JavaScript/HTML code on the privileged browser:home page from an untrusted web page on Internet (http:// zone). This is possible by creating an iframe element pointing to the browser:home page and then invoking privileged commands using a window object reference to the iframe element, as shown in the example below: <iframe name="test2" src=" browser:home "></iframe> <script> window['test2'].navigator.AFRunCommand(id_of_privileged_command, vstr) </script> This code allows interaction from an untrusted zone (http://) to a trusted and priv
Read more