Firefox uXSS and CSS XSS
In Summary : One of the interesting behaviors of context menus is that once you open it, it will persist once you navigate to a different ...
https://updatesinfosec.blogspot.com/2018/06/firefox-uxss-and-css-xss.html
In Summary :
One of the interesting behaviors of context menus is that once you open it, it will persist once you navigate to a different website. What's weirder is that if you, for example, open the context menu from
kindly refer the following link as follow up :
https://ift.tt/2HBbQKD
One of the interesting behaviors of context menus is that once you open it, it will persist once you navigate to a different website. What's weirder is that if you, for example, open the context menu from
'a.com' and then the browser redirects to 'b.com', you will notice that when you click on View source it will open 'view-source:b.com'
which is the current window.
So, even though you open the context menu, it will execute on whatever
website you are on despite origin. So to set this up, we ask a user to
click a button that opens the cross origin 'victim' website. After that,
we will redirect to our website populating navigation history with our
target website. Finally, we listen to when a user opens the context menu
using 'oncontextmenu' and execute 'history.back()' taking us to the target website. Once the user clicks View background image
javascript is executed. Interestingly, this acts like a bookmark which
means it bypasses CSP and noscript (a non-JS PoC can be done.) [...]kindly refer the following link as follow up :
https://ift.tt/2HBbQKD
