TITLE:
Mozilla Firefox Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA24205

VERIFY ADVISORY:
http://secunia.com/advisories/24205/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access

WHERE:
From remote

SOFTWARE:
Mozilla Firefox 1.x
http://secunia.com/product/4227/
Mozilla Firefox 2.0.x
http://secunia.com/product/12434/

DESCRIPTION:
Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, gain knowledge of sensitive information, and potentially compromise a user's system.

1) An error in the handling of the "location.hostname" DOM property can be exploited to bypass certain security restrictions.

For more information:
SA24175
http://secunia.com/advisories/24175/

2) An integer underflow error in the Network Security Services (NSS) code when processing SSLv2 server messages can be exploited to cause a heap-based buffer overflow via a certificate with a public key too small to encrypt the "Master Secret".

Successful exploitation may allow execution of arbitrary code.

NOTE: Support for SSLv2 is disabled in Firefox 2.x. This version is only vulnerable if the user has modified hidden internal NSS settings to re-enable SSLv2 support.

3) It is possible to conduct cross-site scripting attacks against sites containing a frame with a "data:" URI as source.

Successful exploitation requires that a user is tricked into visiting a malicious website and opening a blocked popup.

4) It is possible to open windows containing local files, thereby stealing the contents, when the full path of a locally saved file containing malicious script code is known. This can be exploited in combination with a flaw in the seeding of the pseudo-random number generator causing downloaded files to be saved to temporary files with a somewhat predictable name.

Successful exploitation requires that a user is tricked into visiting a malicious website and opening a blocked popup.

5) Browser UI elements like the host name and security indicators can be spoofed using a specially crafted custom cursor and manipulating the CSS3 hotspot property.

6) It may be possible to gain knowledge of sensitive information from a website due to an error resulting in two web pages colliding in the disk cache, thereby potentially appending part of one document to the other.

Successful exploitation requires that a user is tricked into visiting a malicious website while visiting the target website.

7) Various errors in the Mozilla parser when handling invalid trailing characters in HTML tag attribute names and during processing of UTF-7 content when child frames inherit the character set of its parent window can be exploited to conduct cross-site scripting attacks.

8) A vulnerability in the Password Manager may be exploited to conduct phishing attacks.

For more information:
SA23046
http://secunia.com/advisories/23046/

9) Multiple memory corruption errors exist in the layout engine, JavaScript engine, and in SVG. Some of these may be exploited to execute arbitrary code on a user's system.

SOLUTION:
Update to version 2.0.0.2 or 1.5.0.10.
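
An added example, not part of the Secunia advisory: a small inventory check that classifies reported Firefox version strings against the two fixed releases named above. The host names and sample inventory are constructed, and treating a pre-release build of a fixed version as still vulnerable is an assumption of this example.

```python
import re

# Fixed releases from the advisory's SOLUTION field.
FIXED_1X = (1, 5, 0, 10)    # Firefox 1.x branch
FIXED_20X = (2, 0, 0, 2)    # Firefox 2.0.x branch

_VERSION_RE = re.compile(
    r"^\s*(?:Mozilla\s+)?(?:Firefox[\s/]+)?"   # optional product prefix
    r"(\d+(?:\.\d+){0,3})"                     # up to four numeric components
    r"([A-Za-z]\w*)?\s*$"                      # optional pre-release tag (pre, b2, rc1)
)

def parse_version(text):
    """Return ((a, b, c, d), is_prerelease), or None if text is not a version."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (4 - len(nums))             # "1.5" compares as 1.5.0.0
    return nums, m.group(2) is not None

def classify(text):
    """Return 'vulnerable', 'fixed', 'not-covered' or 'unknown' for one version string."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    nums, prerelease = parsed
    if nums[0] == 1:
        fixed = FIXED_1X
    elif nums[:2] == (2, 0):
        fixed = FIXED_20X
    else:
        return "not-covered"                   # advisory lists only 1.x and 2.0.x
    # Compare numerically: as plain strings, "1.5.0.10" sorts before "1.5.0.9".
    # Assumption: a pre-release of the fixed version is treated as unpatched.
    if nums < fixed or (nums == fixed and prerelease):
        return "vulnerable"
    return "fixed"

def audit(inventory):
    """Map host -> classification for (host, version_string) pairs."""
    return {host: classify(version) for host, version in inventory}

# Constructed sample inventory (hypothetical host names).
SAMPLE = [("ws-01", "Mozilla Firefox 1.5.0.9"), ("ws-02", "1.5.0.10"),
          ("ws-03", "Firefox/2.0.0.1"), ("ws-04", "2.0.0.2"), ("ws-05", "n/a")]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" or "not-covered" need manual review rather than being counted as patched.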

ORIGINAL ADVISORY:
Mozilla Foundation:
http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
http://www.mozilla.org/security/announce/2007/mfsa2007-04.html
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482

OTHER REFERENCES:
SA24175:
http://secunia.com/advisories/24175/

SA23046:
http://secunia.com/advisories/23046/