HOME > ADVISORIES


   ADVISORIES

CERT-In Advisory CIAD-2007-40
Mozilla Products Privilege Escalation and Unescaped URI's Handling Vulnerabilities .

Original issue date: August 02, 2007

Severity Rating: High


Systems Affected

  • Firefox prior to 2.0.0.6
  • Thunderbird prior to 2.0.0.6
  • SeaMonkey prior to 1.1.4


Overview

Multiple vulnerabilities have been reported in Mozilla Products which could be exploited by remote attackers to execute arbitrary code on the affected system.


Description

1 . Unescaped URI's passed to external programs
(CVE-2007-3845)

A vulnerability has been reported in Mozilla Products due to the passing of unescaped URI's to external programs (registered protocol handlers) which may cause the external program to interpret single URI as multiple arguments. Since this handling is a property of the Windows Shell API therefore other internet-enabled applications that pass these URIs to the Windows Shell could be affected.

The above vulnerability coupled with the similar vulnerability discussed in CIVN-2007-92 , Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers , could be exploited by a remote, un authenticated attacker to execute arbitrary code using Mozilla Firefox as an attack vector on the windows system.

2. Privilege escalation vulnerability in Mozilla Products
(CVE-2007-3844)

Chrome is the user interface parts of the application window that are outside of a window's content area. Toolbars, menu bars, progress bars, and window title bars are all examples of elements that are typically part of the chrome.

A vulnerability has been reported in Mozilla Products due to an error while handling "about: blank" pages loaded by chrome in an add-on. This vulnerability could be exploited by remote attackers to execute JavaScript under chrome privileges can cause to privilege escalation attacks.


Solution

Upgrade to Firefox version 2.0.0.6 :
http://www.mozilla.com/en-US/firefox/

Upgrade to Thunderbird version 2.0.0.6 :
http://www.mozilla.com/en-US/thunderbird/

Upgrade to Seamonkey version 1.1.4:
http://www.mozilla.org/projects/seamonkey/


Vendor Information

Mozilla Foundation
http://www.mozilla.org


References

Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/2007/mfsa2007-26.html http://www.mozilla.org/security/announce/2007/mfsa2007-27.html

SecurityFocus
http://www.securityfocus.com/bid/25142/info

Secunia
http://secunia.com/advisories/26288/

US-CERT
http://www.kb.cert.org/vuls/id/783400 http://www.kb.cert.org/vuls/id/403150

CVE Name
CVE-2007-3844
CVE-2007-3845


Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003