Name Cross Zone Scripting
Summary An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
Prerequisites The target must be using a zone-aware browser.
Solutions Disable script execution. Ensure that sufficient input validation is performed for any potentially untrusted data before it is used in any privileged context or zone Limit the flow of untrusted data into the privileged areas of the system that run in the higher trust zone Limit the sites that are being added to the local machine zone and restrict the privileges of the code running in that zone to the bare minimum Ensure proper HTML output encoding before writing user supplied data to the page
Related Weaknesses
CWE ID Description
CWE-20 Improper Input Validation
CWE-116 Improper Encoding or Escaping of Output
CWE-250 Execution with Unnecessary Privileges
CWE-285 Improper Authorization
CWE-638 Not Using Complete Mediation
Back to Top