From: "Robert Comer" 

I use Maxthon, but I turn the search bar off already.

- Bob Comer


"Geo."  wrote in message
news:424a9e98$1{at}w3.nls.net...
> The following security advisory is sent to the securiteam mailing list,
> and
> can be found at the SecuriTeam web site: http://www.securiteam.com
> - - promotion
> The SecuriTeam alerts list - Free, Accurate, Independent.
> Get your security news from a reliable source.
> http://www.securiteam.com/mailinglist.html
> - - - - - - - - -
>
>
> Maxthon Browser Information Disclosure
> ------------------------------------------------------------------------
>
> SUMMARY
> http://www.maxthon.com/> Maxthon Internet Browser software is a powerful
> tabbed browser with a highly customizable interface.
> The search bar of Maxthon allow any website to access it's content using
> Javascript like it was a plug-ins of the browser.
> DETAILS
> Vulnerable Systems:
> * Maxthon Internet Browser version 1.2.0. Prior versions may be
> vulnerable as well
> Immune Systems:
> * Maxthon Internet Browser version 1.2.1.
> Maxthon's API includes a property named "m2_search_text", which allows
> plug-ins to interact with the search bar. Any website the user visits can
> easily fetch the search bar's data using this property, the same way
> plug-ins does.
> Proof of Concept:
> The following javascript performs the sniffing:
> 
> function sniff() {
> try {
> s.value=external.m2_search_text;
> }
> catch(e) {}
> }
> function body_onload() {
> window.setInterval('sniff()',100);
> }
> 
> A live demonstation can be found at:
> http://www.raffon.net/advisories/maxthon/searchbarpoc.html>
> http://www.raffon.net/advisories/maxthon/searchbarpoc.html
> Vendor Status:
> The vendor has fixed the problem in version 1.2.1
> Disclosure Timeline:
> 02-Mar-2005: Vendor informed.
> 03-Mar-2005: Vendor confirmed vulnerability.
> 24-Mar-2005: Vendor published a fixed version.
> 25-Mar-2005: Public disclosure.
>
> ADDITIONAL INFORMATION
> The information has been provided by  Aviv Raff.
>
>
> ========================================
>
> This bulletin is sent to members of the SecuriTeam mailing list.
> To unsubscribe from the list, send mail with an empty subject line and
> body
> to: list-unsubscribe{at}securiteam.com
> In order to subscribe to the mailing list, simply forward this email to:
> list-subscribe{at}securiteam.com
>
> ====================
> ====================
> DISCLAIMER:
> The information in this bulletin is provided "AS IS" without
warranty of
> any
> kind.
> In no event shall we be liable for any damages whatsoever including
> direct,
> indirect, incidental, consequential, loss of business profits or special
> damages.
>
>

--- BBBS/NT v4.01 Flag-5