129
vote
Don't worry this technique is known, but this time I made a couple of examples to illustrate it's behavior. It utilizes the illusion of selected text. When the selected text is copied or dragged into the URL bar it gets executed because Firefox thinks you have the proper rights to do so. The first example does exactly this and tries to install an Firefox XPI. The seconds one tries to access your local file system, this can only be done by dragging it as a bookmark. Well, this seems an exotic attack, but think again: how many times did you drag hyperlinks and text? I know I did plenty of times.Watch the illusion of an URL :
Bookmark/Search this post with:
Trackback URL for this post:
http://www.secgeeks.com/trackback/552
