HOME > ADVISORIES


   ADVISORIES

CERT-In Advisory CIAD-2007-13
Mozilla Products Privilege Escalation and Integer Overflow vulnerabilities

Original issue date: March 13, 2007

Severity Rating: High

Systems Affected

  • Firefox 1.5.0.9/2.0.0.1
  • SeaMonkey 1.0.7
  • SeaMonkey prior 1.0.8
  • Thunderbird prior 1.5.0.10

Overview

Two vulnerabilities have been reported in Mozilla products, which could be exploited by remote attackers to execute arbitrary code on the affected system.

Description

1. Privilege escalation by setting img.src to javascript: URI ( CVE-2007-0994 )

A vulnerability has been reported in Mozilla Firefox and SeaMonkey due to regression error while processing IMG tags. A remote attacker could exploit the vulnerability by enticing a user to visit malicious webpage containing the SRC attribute of an IMG tag to a specially crafted javascript: URI and execute arbitrary code on the affected system. This could be triggered even if JavaScript execution was disabled in the global preferences.

2 . Integer overflow vulnerability with text/enhanced e-mail message ( CVE-2007-1282 )

An integer overflow vulnerability has been reported in Mozilla Thunderbird and SeaMonkey due to error in handling text/enhanced or text/richtext formatted e-mail. A remote attacker could exploit the vulnerability by creating a malicious e-mail message with an overly long line (more than 400 megabytes) and entice user to open the mail to execute arbitrary code on the affected system.

Solution

Upgrade to Firefox version 2.0.0.2 or 1.5.0.10:
http://www.mozilla.com/firefox/
Upgrade to SeaMonkey version 1.1.1 or 1.0.8:
http://www.mozilla.org/projects/seamonkey/
Upgrade to Thunderbird version 1.5.0.10
http://www.mozilla.org/projects/thunderbird/

Vendor Information

Mozilla Foundation
http://www.mozilla.org/security/announce/

References

Mozilla Foundation Security
http://www.mozilla.org/security/announce/2007/mfsa2007-09.html
http://www.mozilla.org/security/announce/2007/mfsa2007-10.html

FrSIRT
http://www.frsirt.com/english/advisories/2007/0823

CVE Name
CVE-2007-0994
CVE-2007-1282

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003