Showing posts with the label xcs

Avant Browser - Cross Context Scripting - browser:home - Most Visited And History Tabs

Details

Vendor Site: Avant Browser (www.avantbrowser.com)
Date: December 5, 2012 – CVE (TBA)
Affected Software: Avant Browser Ultimate 2012 Build 27 and potentially previous versions
Status: Unpatched
Researcher: Roberto Suggi Liverani - @malerisch
PDF version: Avant_multiple_vulnerabilities_advisory.pdf

Cross Context Scripting – browser:home – Most Visited And History Tabs

A malicious user can inject arbitrary JavaScript/HTML code through the websites visited with the Avant Browser. The injected code is rendered into both the Most Visited and History tabs within the browser:home page, which displays the URL and the title of the page. A malicious user can inject and store JavaScript/HTML content by using the <title> HTML element, as shown in the table below:

<title>aaa"><img src=a onerror='var vstr = {value: ""};window.navigator.AFRunCommand(60003, vstr);alert(vstr.value);'></title>

Injected payload is render

Maxthon - Cross Context Scripting (XCS) - Bookmark Toolbar and Bookmark Sidebar

Details

Vendor Site: Maxthon (www.maxthon.com)
Date: December 5, 2012 – CVE (TBA)
Affected Software: Maxthon 3.3.3.1000 and previous versions
Status: Patched
Researcher: Roberto Suggi Liverani - @malerisch
PDF version: Maxthon_multiple_vulnerabilities_advisory.pdf

Cross Context Scripting

Cross Context Scripting (XCS) is a particular code injection attack vector where the injection occurs from an untrusted zone (e.g. Internet) into a privileged browser zone. In this case, it is possible to inject arbitrary JavaScript/HTML code from an untrusted page into the Maxthon browser privileged zone - mx://res/*.

Description

It is possible to inject a JavaScript/HTML payload via the “title” parameter of the “Add to Favorites” form. In Maxthon, the bookmark UI security controls are weak and allow trivial exploitation, even against an attentive user, considering the following factors:

- window.external.addFavorite() can be invoked in an automated fashion;
- The title entry can be tailored

Maxthon - Cross Context Scripting (XCS) - RSS - Remote Code Execution

Details

Vendor Site: Maxthon (www.maxthon.com)
Date: December 5, 2012 – CVE (TBA)
Affected Software: Maxthon 3.4.5.2000 and previous versions
Status: Unpatched (at the time of publishing)
Researcher: Roberto Suggi Liverani - @malerisch
PDF version: Maxthon_multiple_vulnerabilities_advisory.pdf

Cross Context Scripting

Cross Context Scripting (XCS) is a particular code injection attack vector where the injection occurs from an untrusted zone (e.g. Internet) into a privileged browser zone. In this case, it is possible to inject arbitrary JavaScript/HTML code from an untrusted page into the Maxthon browser privileged zone - mx://res/*.

Description

A malicious user can inject arbitrary JavaScript/HTML code via multiple RSS feed elements. The vulnerable elements are the following:

- <title> element: JavaScript injection using HTML encoded payload
- <link> element: JavaScript injection using javascript: pseudo-URI
- <description> element: JavaScript injectio

Maxthon - Cross Context Scripting (XCS) - about:history - Remote Code Execution

Details

Vendor Site: Maxthon (www.maxthon.com)
Date: December 5, 2012 – CVE (TBA)
Affected Software: Maxthon 3.4.5.2000 and previous versions
Status: Unpatched (at the time of publishing)
Researcher: Roberto Suggi Liverani - @malerisch
PDF version: Maxthon_multiple_vulnerabilities_advisory.pdf

Cross Context Scripting

Cross Context Scripting (XCS) is a particular code injection attack vector where the injection occurs from an untrusted zone (e.g. Internet) into a privileged browser zone. In this case, it is possible to inject arbitrary JavaScript/HTML code from an untrusted page into the Maxthon browser privileged zone - mx://res/*.

Description

A malicious user can inject arbitrary JavaScript/HTML code through the websites visited with the Maxthon browser. The injected code is rendered into the History page (about:history), which displays the URL and a short description of the visited pages. A malicious user can inject JavaScript/HTML content by using the location.hash p