Maxthon Browser max.src Plug-in Security ID Generation File Manipulation
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
Maxthon Browser contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the max.src file, which contains the "security id" for a plugin, is included in a script on a web page. API functions can then be called using the retrieved "security id", allowing an attacker to call functions that read and write local files, which results in a loss of confidentiality and integrity.
Upgrade to version 1.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Discovery of this issue is credited to "Aviv Raff" <firstname.lastname@example.org>.
Maxthon Maxthon 1.2.1
Maxthon Maxthon 1.2
It is reported that the Maxthon Web browser is prone to an information disclosure vulnerability. Maxthon Plug-in APIs are reportedly protected with a security ID: only a website that has knowledge of a Maxthon Plug-in security ID may invoke the plug-in API. However, it is reported that the Side bar Plug-in stores its security ID in the Plug-in folder.
It is possible for a remote website to include this file in a script and obtain the Security IDs required to access the API of the Plug-in.
A proof of concept is available at the following location:
It is reported that this vulnerability is addressed in Maxthon version 1.2.2. This is not confirmed. Customers are advised to contact the vendor for further information regarding obtaining and applying an appropriate fix.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: email@example.com.