CERT-In Advisory CIAD-2007-10
Mozilla Products Multiple XSS, Spoofing and Remote Code Execution Vulnerabilities
Original issue date: February 27, 2007
Severity Rating: High
Systems Affected
- Mozilla Firefox versions prior to 2.0.0.2
- Mozilla Firefox versions prior to 1.5.0.10
- Mozilla SeaMonkey versions prior to 1.0.8
- Network Security Services (NSS) versions prior to 3.11.5
Overview
Multiple vulnerabilities have been reported in Mozilla products which could be exploited by remote attackers to conduct cross-site scripting and spoofing attacks, execute arbitrary code, and bypass certain security restrictions.
Description
1. Mozilla Firefox "location.hostname" DOM Property Handling Vulnerability (CVE-2007-0981 & CIVN-2007-26)
A vulnerability has been identified in Mozilla Firefox due to an error in the handling of the "location.hostname" DOM property. It can be used to manipulate authentication cookies for an arbitrary web site by assigning a URL that includes a NULL character ("\x00") to "location.hostname". An attacker may exploit this vulnerability by tricking a user into visiting a malicious link.
2. Network Security Services (NSS) SSLv2 protocol buffer overflow Vulnerability (CVE-2007-0008, CVE-2007-0009)
Buffer overflow vulnerabilities have been reported in Network Security Services (NSS) when handling malformed SSLv2 server messages. A certificate with a public key too small to encrypt the 'Master Secret' could be exploited remotely to execute arbitrary code.
3. Mozilla products cross site scripting vulnerabilities (CVE-2007-0995, CVE-2007-0996, CVE-2006-6077)
The Mozilla parser ignores invalid trailing characters in HTML tag attribute names, which could be exploited to conduct cross-site scripting attacks.
A cross-site scripting vulnerability also exists when parsing web pages with UTF-7 content, where child frames inherit the character set of their parent window.
4. Mozilla Firefox information disclosure through cache collisions vulnerability (CVE-2007-0778)
A vulnerability has been reported in Mozilla Firefox's handling of web pages cached on the local disk, which could be exploited by a remote attacker to inject arbitrary HTML code into a browsing session and steal sensitive information from a targeted web page.
5. Multiple memory corruption error vulnerabilities (CVE-2007-0775, CVE-2007-0776, CVE-2007-0777)
Multiple memory corruption error vulnerabilities have been reported in layout, SVG and JavaScript engines which could be exploited by remote attackers to crash a vulnerable application or possibly execute arbitrary code.
6. Spoofing using custom cursor and CSS3 hotspot (CVE-2007-0779)
A vulnerability has been reported in Mozilla Firefox which may allow a remote attacker to spoof user interface elements, such as the hostname and security indicators, by creating malicious web sites with a large custom cursor and adjusting the CSS3 hotspot property.
7. XSS and local file opening vulnerability (CVE-2007-0780, CVE-2007-0800)
XSS vulnerabilities have been reported in Mozilla Firefox when displaying blocked popup windows. By convincing a user to open a blocked popup, a remote attacker could read arbitrary local files or conduct an XSS attack.
Solution
Upgrade to Mozilla Firefox version 2.0.0.2 or 1.5.0.10
http://www.mozilla.com/firefox/
Upgrade to Mozilla SeaMonkey version 1.0.8
http://www.mozilla.org/projects/seamonkey/
Upgrade to Network Security Services (NSS) version 3.11.5
http://www.mozilla.org/projects/security/pki/nss/
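The following check is an added example, not part of the original advisory or of any Mozilla tooling: it compares inventoried versions against the fixed releases listed above, branch by branch. The inventory rows, the function names and the treatment of versions outside the listed branches are assumptions.

```python
import re

# First fixed release per maintained branch, from the Solution section above.
FIXED = {
    "firefox":   {(1, 5): (1, 5, 0, 10), (2, 0): (2, 0, 0, 2)},
    "seamonkey": {(1, 0): (1, 0, 8, 0)},
    "nss":       {(3, 11): (3, 11, 5, 0)},
}

def parse_version(text):
    """'2.0.0.1' -> (2, 0, 0, 1), padded to four fields; rejects non-numeric strings."""
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text.strip()):
        raise ValueError(f"unsupported version string: {text!r}")
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (4 - len(parts))

def needs_upgrade(product, version):
    """True if the version predates the fixed release that applies to it."""
    branches = FIXED[product.lower()]
    v = parse_version(version)
    if v[:2] in branches:
        # Compare within the branch only, so 1.5.0.12 is not flagged for being below 2.0.0.2.
        return v < branches[v[:2]]
    # Assumption: off-branch versions (e.g. Firefox 1.0.x) are affected when older
    # than the newest fixed release listed for the product.
    return v < max(branches.values())

def triage(inventory):
    rows = []
    for host, product, version in inventory:
        try:
            status = "UPGRADE" if needs_upgrade(product, version) else "ok"
        except (KeyError, ValueError):
            status = "REVIEW"  # unknown product or unparseable version string
        rows.append((host, product, version, status))
    return rows

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "Firefox", "2.0.0.1"),
    ("ws-02", "Firefox", "1.5.0.12"),
    ("ws-03", "Firefox", "1.0.7"),
    ("ws-04", "SeaMonkey", "1.0.8"),
    ("srv-01", "NSS", "3.11.4"),
    ("srv-02", "NSS", "3.11.5-beta"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("%-7s %-10s %-12s %s" % row)
```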
Vendor Information
Mozilla Foundation
http://www.mozilla.org/security/announce/
References
RedHat
https://rhn.redhat.com/errata/RHSA-2007-0079.html
FrSIRT Advisory
http://www.frsirt.com/english/advisories/2007/0718
Secunia
http://secunia.com/advisories/24205/
Security Focus
http://www.securityfocus.com/bid/22694
US-CERT
http://www.kb.cert.org/vuls/id/269484
Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
http://www.mozilla.org/security/announce/2007/mfsa2007-04.html
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
http://www.mozilla.org/security/announce/2007/mfsa2007-08.html
CVE Name
CVE-2007-0008
CVE-2007-0009
CVE-2006-6077
CVE-2007-0775
CVE-2007-0776
CVE-2007-0777
CVE-2007-0778
CVE-2007-0779
CVE-2007-0780
CVE-2007-0800
CVE-2007-0981
CVE-2007-0995
CVE-2007-0996
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
