MSIE/Firefox focus bugs

MSIE / Firefox focus stealing vulnerabilities (for Windows)

Because there is some confusion surrounding the issues I recently reported to BUGTRAQ, I set up this page to help sort it all out. My bad for participating in a confusing message storm :-) Choose one of the following links:

Click here to test for a brand new, unpatched vulnerability in Microsoft Internet Explorer 7 (and prior), found by me.
Click here to test for a variant of an unpatched Firefox vulnerability (1.5 and 2.0), originally reported by Charles McAuley.
Click here to read an updated report on these vulnerabilities.

These vulnerabilities allow the author of a malicious page to read sensitive local files on your computer without your explicit permission. Some user interaction is required, but only to an extent commonly expected on some popular websites (forums, chats, web games, captchas). XSS attacks make it far worse. Petko D. Petkov offers a more detailed explanation in his blog.

The MSIE7 vulnerability is, as far as I can tell, a new development. The Firefox vector, although developed independently, turned out to be a new take on a problem reported by Charles in June 2006. As such, I do not make any claims to the discovery of the latter flaw, other than perhaps providing a more convincing demonstration of how it works.

These naive demonstration pages are designed to work on Windows, but there is nothing platform-specific about this attack that would prevent it from working elsewhere.

Comments and questions to: Michal Zalewski <lcamtuf@coredump.cx>