TITLE:
Mozilla Firefox Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA19873
VERIFY ADVISORY:
http://secunia.c
om/advisories/19873/
CRITICAL:
Highly critical
IMPACT:
Cross Site Scripting, DoS, System access
WHERE:
From remote
SOFTWARE:
Mozilla Firefox 1.x
http://secunia.com/p
roduct/4227/
Mozilla Firefox 0.x
http://secunia.com/p
roduct/3256/
DESCRIPTION:
Multiple vulnerabilities have been reported in Mozilla
Firefox,
which
can be exploited by malicious people to conduct cross-site
scripting
attacks or compromise a user's system.
1) An error within the handling of JavaScript references to
frames
and windows may in certain circumstances result in the
reference not
being properly cleared and allows execution of arbitrary
code.
The vulnerability only affects the 1.5 branch.
2) An error within the handling of Java references to
properties of
the window.navigator object allows execution of arbitrary
code
if a
web page replaces the navigator object before starting Java.
The vulnerability only affects the 1.5 branch.
3) A memory corruption error within the handling of
simultaneously
happening XPCOM events results in the use of a deleted timer
object
and allows execution of arbitrary code.
The vulnerability only affects the 1.5 branch.
4) Insufficient access checks on standard DOM methods of the
top-level document object (e.g.
"document.getElementById()")
can be
exploited by a malicious web site to execute arbitrary
script
code in
the context of another site.
The vulnerability only affects the 1.5 branch.
5) A race condition where JavaScript garbage collection
deletes
a
temporary variable still being used in the creation of a new
Function
object may allow execution of arbitrary code.
The vulnerability only affects the 1.5 branch.
6) Various errors in the JavaScript engine during garbage
collection
where used pointers are deleted and integer overflows when
handling
long strings e.g. passed to the "toSource()"
methods of the
Object,
Array, and String objects may allow execution of arbitrary
code.
7) Named JavaScript functions have a parent object created
using the
standard "Object()" constructor, which can be
redefined by
script.
This can be exploited to run script code with elevated
privileges if
the "Object()" constructor returns a reference
to a privileged
object.
8) An error within the handling of PAC script can be
exploited
by a
malicious Proxy AutoConfig (PAC) server to execute script
code
with
escalated privileges by setting the FindProxyForURL function
to
the
eval method on a privileged object that has leaked into the
PAC
sandbox.
9) An error within the handling of scripts granted the
"UniversalBrowserRead" privilege can be
exploited to execute
script
code with escalated privileges equivalent to
"UniversalXPConnect".
10) An error can be exploited to execute arbitary script
code
in
context of another site by using the
"XPCNativeWrapper(window).Function(...)"
construct, which
creates a
function that appears to belong to another site.
The vulnerability only affects the 1.5 branch.
11) A memory corruption error when calling
"nsListControlFrame::FireMenuItemActiveEvent()",
some potential
string class buffer overflows, a memory corruption error
when
anonymous box selectors are outside of UA stylesheets,
references to
removed nodes, errors involving table row and column groups,
and an
error in "crypto.generateCRMFRequest" callback
may potentially
be
exploited to execute arbitrary code.
12) An error within the handling of "chrome:"
URI's can be
exploited
to reference remote files that can run scripts with full
privileges.
SOLUTION:
Update to version 1.5.0.5.
http://www.mozilla.co
m/firefox/
ORIGINAL ADVISORY:
Mozilla.org:
http://www.mozilla.org/security/announce/2006/mfsa
2006-44.html
http://www.mozilla.org/security/announce/2006/mfsa
2006-45.html
http://www.mozilla.org/security/announce/2006/mfsa
2006-46.html
http://www.mozilla.org/security/announce/2006/mfsa
2006-47.html
http://www.mozilla.org/security/announce/2006/mfsa
2006-48.html
http://www.mozilla.org/security/announce/2006/mfsa
2006-50.html
http://www.mozilla.org/security/announce/2006/mfsa
2006-51.html
http://www.mozilla.org/security/announce/2006/mfsa
2006-52.html
http://www.mozilla.org/security/announce/2006/mfsa
2006-53.html
http://www.mozilla.org/security/announce/2006/mfsa
2006-54.html
http://www.mozilla.org/security/announce/2006/mfsa
2006-55.html
http://www.mozilla.org/security/announce/2006/mfsa
2006-56.html
Secunia Research:
http://s
ecunia.com/secunia_research/2006-53/
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-06-02
5.html
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|