[B! firefox][hasegawayosuke] Cherenkovã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

Cherenkov id:Cherenkov

firefoxã¨hasegawayosukeã«é–¢ã™ã‚‹Cherenkovã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (4)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

FIREFOX JS HACKS - XSSã§ä½¿ãˆã‚‹ã‹ã‚‚ã—ã‚Œãªã„JavaScriptãƒ†ã‚¯ãƒ‹ãƒƒã‚¯
Cherenkov 2012/04/22
pdf powerpoint proxy ã‚¦ã‚§ãƒ–ä¸Šã«ã‚ã‚‹pptxã‚’é–‹ã‘ã‚‹ãƒ“ãƒ¥ãƒ¼ã‚¢ viewer

JavaScript

e4x

hasegawayosuke

xss

firefox

slide

è³‡æ–™
ãƒªãƒ³ã‚¯
Potential XSS against sites using Shift-JIS
Announced November 8, 2011 Reporter Yosuke Hasegawa Impact High Products Firefox, SeaMonkey, Thunderbird Fixed in Firefox 3.6.24 Firefox 8 SeaMonkey 2.5 Thunderbird 3.1.16 Thunderbird 8 Description Yosuke Hasegawa reported that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. When encountering an invalid pair Mozilla would turn the entire two-byte sequence into a
Cherenkov 2011/11/09
Shift-JIS encoding

mozilla

XSS

firefox

bug

hasegawayosuke

Security
ãƒªãƒ³ã‚¯
ï¼»ãƒ‹ãƒƒãƒï¼½E4Xã§æ”»æ’ƒã§ãã‚‹ï¼Ÿ ã§ããªã„ï¼Ÿ
ï¼»ãƒ‹ãƒƒãƒï¼½E4Xã§æ”»æ’ƒã§ãã‚‹ï¼Ÿ ã§ããªã„ï¼Ÿï¼šæ•™ç§‘æ›¸ã«è¼‰ã‚‰ãªã„Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ï¼ˆ6ï¼‰ï¼ˆ1/3 ãƒšãƒ¼ã‚¸ï¼‰ XSSã«CSRFã«SQLã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã«ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªãƒˆãƒ©ãƒãƒ¼ã‚µãƒ«â€¦â€¦Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®ãƒ—ãƒã‚°ãƒ©ãƒžãŒçŸ¥ã£ã¦ãŠãã¹ãè„†å¼±æ€§ã¯ã„ã£ã±ã„ã‚ã‚Šã¾ã™ã€‚ãã“ã§æœ¬é€£è¼‰ã§ã¯ã€ãã®ã‚ˆã†ãªãƒ¡ã‚¸ãƒ£ãƒ¼ãªã‚‚ã®â€œä»¥å¤–â€ã‚‚æŽ˜ã‚Šä¸‹ã’ã¦ã„ãã¾ã™ ï¼ˆç·¨é›†éƒ¨ï¼‰ ECMAScriptã§XMLã‚’æ‰±ã†â€œE4Xâ€ çš†ã•ã‚“ã“ã‚“ã«ã¡ã¯ã€ã¯ã›ãŒã‚ã‚ˆã†ã™ã‘ã§ã™ã€‚ä»Šå›žã¯ã€Mozilla Firefoxã§ã‚¯ãƒã‚¹ãƒ‰ãƒ¡ã‚¤ãƒ³åˆ¶ç´„ã‚’å›žé¿ã™ã‚‹æ–¹æ³•ã®ä¸€ä¾‹ã¨ã—ã¦ã€E4Xã¨ã„ã†æ©Ÿèƒ½ã‚’åˆ©ç”¨ã—ãŸæ”»æ’ƒæ–¹æ³•ã‚’ç´¹ä»‹ã—ã¾ã™ã€‚ E4Xã¨ã¯ã€ã€ŒECMAScript for XMLã€ã®ç•¥ã§ã‚ã‚Šã€JavaScriptã‚„ActionScriptãªã©ã®ECMAScriptå‡¦ç†ç³»ã«ãŠã„ã¦ã€XMLã‚’ãƒã‚¤ãƒ†ã‚£ãƒ–æ©Ÿèƒ½ã¨ã—ã¦æ‰±ã†ãŸã‚ã®ä»•æ§˜ã§ã™ã€‚ ç¾åœ¨ã€Firefoxã®Ja
Cherenkov 2011/02/07
ã€Œä¾‹ãˆã°æ‚ªæ„ã‚ã‚‹ãƒ¦ãƒ¼ã‚¶ãƒ¼kazuhoã¯ã€

E4X

XML

firefox

javascript

security

hasegawayosuke
ãƒªãƒ³ã‚¯
Firefoxã®Web Workersã«ãŠã‘ã‚‹è„†å¼±æ€§ã«ã¤ã„ã¦
2010/07/23ã€€ã‚³ãƒ¼ã‚¹ï¼šå…ƒç¥–ã“ã£ã¦ã‚Š ã€Œå…ƒç¥–ã“ã£ã¦ã‚Šã€è¨˜äº‹ã¯ãƒãƒƒãƒˆã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆæ—§ãƒ–ãƒã‚°[netagent-blog.jp]ã«æŽ²è¼‰ã•ã‚Œã¦ã„ãŸè¨˜äº‹ã§ã‚ã‚Šã€ç¾åœ¨ãƒãƒƒãƒˆã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆã«åœ¨ç±ã—ã¦ã„ãªã„ãƒ©ã‚¤ã‚¿ãƒ¼ã®è¨˜äº‹ã‚‚å«ã¿ã¾ã™ã€‚ Firefoxã®Web Workersã«ãŠã‘ã‚‹è„†å¼±æ€§ã«ã¤ã„ã¦ ã¿ãªã•ã‚“ã€ã“ã‚“ã«ã¡ã¯ã€‚ãƒãƒƒãƒˆã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆæ ªå¼ä¼šç¤¾ ç ”ç©¶é–‹ç™ºéƒ¨ã®é•·è°·å·ã§ã™ã€‚ ä»Šé€±ã®æ°´æ›œæ—¥ã« Mozilla Firefox 3.6.7 ãŒãƒªãƒªãƒ¼ã‚¹ã•ã‚Œã¾ã—ãŸãŒã€ã“ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã«ã¯ç§ãŒç™ºè¦‹ã—ãŸè„†å¼±æ€§(*1)ã®ä¿®æ£ãŒå«ã¾ã‚Œã¦ã„ã¾ã™ã€‚ä»Šæ—¥ã¯ãã®å†…å®¹ã«ã¤ã„ã¦èª¬æ˜Žã—ãŸã„ã¨æ€ã„ã¾ã™ã€‚ (*1) MFSA 2010-42: Web ãƒ¯ãƒ¼ã‚«ãƒ¼ã® importScripts ã‚’é€šã˜ãŸã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒ‡ãƒ¼ã‚¿æ¼ãˆã„ ----- â– æ¦‚è¦ Mozilla Firefox 3.6.4 ãŠã‚ˆã³ 3.6.6 ã«ãŠã„ã¦ã€Web Workers ã¨
Cherenkov 2010/07/25
è„†å¼±æ€§ ç™ºè¦‹ãƒ†ã‚¯ ã€Œã€Œã²ã‚‰ã‚ãã€ã¯ã€éŽåŽ»ã®é¡žä¼¼ã®è„†å¼±æ€§ã ã‘ã§ãªãã€ãƒ–ãƒ©ã‚¦ã‚¶ã®ç´°ã‹ãªæ©Ÿèƒ½ã‚„æŒ™å‹•ã¨ã„ã£ãŸã€æ‰‹æŒã¡ã®æœãŒå¤šã„ã»ã©æœ‰åˆ©ã«ãªã‚‹ã€

Mozilla

javascript

firefox

E4X

security

browser

hasegawayosuke
ãƒªãƒ³ã‚¯
1

ãŠçŸ¥ã‚‰ã›

ã‚‚ã£ã¨èªã‚€

å…¬å¼Twitter

@hatebu
æœ€æ–°ã®äººæ°—ã‚¨ãƒ³ãƒˆãƒªãƒ¼ã®é…ä¿¡

ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

jæ¬¡ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

kå‰ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

lã‚ã¨ã§èªã‚€

eã‚³ãƒ¡ãƒ³ãƒˆä¸€è¦§ã‚’é–‹ã

oãƒšãƒ¼ã‚¸ã‚’é–‹ã

è¨å®šã‚’å¤‰æ›´ã—ã¾ã—ãŸx

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

ã‚¿ã‚°

é–¢é€£ã‚¿ã‚°ã§çµžã‚Šè¾¼ã‚€ (15)

firefoxã¨hasegawayosukeã«é–¢ã™ã‚‹Cherenkovã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (4)

ãŠçŸ¥ã‚‰ã›

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2026å¹´1æœˆç¬¬4é€±ï¼‰

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2026å¹´1æœˆç¬¬3é€±ï¼‰

ã€å®Œäº†ã€‘ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ã®è¨ˆç”»ãƒ¡ãƒ³ãƒ†ãƒŠãƒ³ã‚¹ã®ãŠçŸ¥ã‚‰ã›ï¼ˆ2026å¹´1æœˆ23æ—¥(é‡‘) æ·±å¤œ1:30ã€œ3:00ï¼‰

å…¬å¼Twitter

ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹

ã‚¿ã‚°

é–¢é€£ã‚¿ã‚°ã§çµžã‚Šè¾¼ã‚€ (15)

firefoxã¨hasegawayosukeã«é–¢ã™ã‚‹Cherenkovã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (4)

FIREFOX JS HACKS - XSSã§ä½¿ãˆã‚‹ã‹ã‚‚ã—ã‚Œãªã„JavaScriptãƒ†ã‚¯ãƒ‹ãƒƒã‚¯

Potential XSS against sites using Shift-JIS

ï¼»ãƒ‹ãƒƒãƒï¼½E4Xã§æ”»æ’ƒã§ãã‚‹ï¼Ÿ ã§ããªã„ï¼Ÿ

Firefoxã®Web Workersã«ãŠã‘ã‚‹è„†å¼±æ€§ã«ã¤ã„ã¦

ãŠçŸ¥ã‚‰ã›

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚­ãƒ³ã‚°ï¼ˆ2026å¹´1æœˆç¬¬4é€±ï¼‰

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚­ãƒ³ã‚°ï¼ˆ2026å¹´1æœˆç¬¬3é€±ï¼‰

ã€å®Œäº†ã€‘ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ã®è¨ˆç”»ãƒ¡ãƒ³ãƒ†ãƒŠãƒ³ã‚¹ã®ãŠçŸ¥ã‚‰ã›ï¼ˆ2026å¹´1æœˆ23æ—¥(é‡‘) æ·±å¤œ1:30ã€œ3:00ï¼‰

å…¬å¼Twitter

ã‚­ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹

é–¢é€£ã‚¿ã‚°ã§çµžã‚Šè¾¼ã‚€ (15)

firefoxã¨hasegawayosukeã«é–¢ã™ã‚‹Cherenkovã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (4)

FIREFOX JS HACKS - XSSã§ä½¿ãˆã‚‹ã‹ã‚‚ã—ã‚Œãªã„JavaScriptãƒ†ã‚¯ãƒ‹ãƒƒã‚¯

ï¼»ãƒ‹ãƒƒãƒï¼½E4Xã§æ”»æ’ƒã§ãã‚‹ï¼Ÿ ã§ããªã„ï¼Ÿ

Firefoxã®Web Workersã«ãŠã‘ã‚‹è„†å¼±æ€§ã«ã¤ã„ã¦

ãŠçŸ¥ã‚‰ã›

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2026å¹´1æœˆç¬¬4é€±ï¼‰

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2026å¹´1æœˆç¬¬3é€±ï¼‰

ã€å®Œäº†ã€‘ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ã®è¨ˆç”»ãƒ¡ãƒ³ãƒ†ãƒŠãƒ³ã‚¹ã®ãŠçŸ¥ã‚‰ã›ï¼ˆ2026å¹´1æœˆ23æ—¥(é‡‘) æ·±å¤œ1:30ã€œ3:00ï¼‰

å…¬å¼Twitter

ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹