
CERT-In Advisory CIAD-2007-58
Multiple Vulnerabilities in Mozilla Products

Original issue date: October 24, 2007

Severity Rating: High

Systems Affected

  • Firefox versions prior to 2.0.0.8
  • SeaMonkey versions prior to 1.1.5

Overview

Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey which could be exploited by a remote attacker to gain elevated privileges, cause a denial of service or execute arbitrary code on the affected system.

Description

1. XPCNativeWrappers pollution using Script object (CVE-2007-5338, CWE-16)

A vulnerability has been reported in Mozilla products due to an unspecified error in the handling of "XPCNativeWrappers". A remote attacker could exploit the vulnerability to execute arbitrary JavaScript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.

2. File stealing through sftp protocol (CVE-2007-5337, CWE-200)

A vulnerability has been reported in Firefox due to an error in the handling of the "smb:" and "sftp:" URI schemes on Linux systems with gnome-vfs support. A remote attacker could exploit the vulnerability by hosting a malicious web page in a mutually accessible location (/tmp) on the target server and tricking the user into loading the malicious page. In this way the attacker could potentially read any file owned by the victim user from known locations on that server, leading to unauthorized information disclosure.

3. File input focus stealing vulnerability (CVE-2007-3511)

A vulnerability has been reported in Mozilla products due to improper handling of form fields. The focus handling for the onkeydown event allows remote attackers to change field focus and copy keystrokes via the "for" attribute of a label element, which bypasses the focus-change prevention.

4. Digest authentication HTTP request splitting (CVE-2007-2292)

A vulnerability has been reported in Firefox due to improper validation of the user ID when making an HTTP request using Digest Authentication to log in to a web site. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID followed by the injected header data. If the request is served via a proxy, the attacker could inject headers that the proxy would interpret as two separate requests for different hosts, and thereby conduct HTTP response splitting attacks.
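The header-injection mechanism described in item 4, shown as an added example that is not part of the advisory or of Mozilla's code: a naive Digest Authorization builder that concatenates the raw user ID occupies two header lines when the user ID carries a CRLF, while a hardened builder rejects control characters before the value reaches the wire. All function names are hypothetical; the quoted-string escaping follows RFC 2617.

```javascript
// Added example (not from the advisory or Mozilla): building the value of
// the Authorization header for HTTP Digest authentication while refusing
// user IDs that would terminate the header line early.

const CTL_RE = /[\x00-\x1f\x7f]/; // CR, LF and other control characters

// Reject any credential component that could end the header line.
function assertNoHeaderInjection(name, value) {
  if (CTL_RE.test(value)) {
    throw new Error(name + " contains control characters (possible header injection)");
  }
  return value;
}

// Escape a value for use inside an RFC 2617 quoted-string parameter.
function quote(value) {
  return '"' + value.replace(/["\\]/g, (c) => "\\" + c) + '"';
}

// Naive builder (the bug class the advisory describes): the raw user ID is
// concatenated, so a newline inside it yields an extra header line.
function buildDigestHeaderNaive(username, realm, nonce, uri, response) {
  return 'Digest username="' + username + '", realm="' + realm +
    '", nonce="' + nonce + '", uri="' + uri + '", response="' + response + '"';
}

// Hardened builder: every attacker-influenced component is validated and
// quoted before the header value is assembled.
function buildDigestHeader(username, realm, nonce, uri, response) {
  const params = [
    ["username", username],
    ["realm", realm],
    ["nonce", nonce],
    ["uri", uri],
    ["response", response],
  ].map(([k, v]) => k + "=" + quote(assertNoHeaderInjection(k, v)));
  return "Digest " + params.join(", ");
}

// How many header lines the emitted Authorization header would occupy;
// anything above 1 means a second header (or request) was smuggled in.
function headerLineCount(headerValue) {
  return ("Authorization: " + headerValue).split(/\r?\n/).length;
}

// Constructed sample user ID carrying a CRLF, the shape of input at issue.
const SAMPLE_INJECTED_USER = "alice\r\nX-Injected: 1";
```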

5. Memory Corruption Errors in Browser and JavaScript Engine (CVE-2007-5339, CWE-20)

Multiple vulnerabilities have been reported in Mozilla products due to memory corruption errors in the browser and JavaScript engine while parsing malformed data, which could be exploited by a remote attacker to crash the browser and JavaScript engine and cause a denial of service on the affected system.

Successful exploitation of these vulnerabilities may allow execution of arbitrary code.

Workaround

  • Disable JavaScript

Solution

Upgrade to Firefox version 2.0.0.8:
http://www.mozilla.com/en-US/firefox/

Upgrade to SeaMonkey version 1.1.5:
http://www.mozilla.org/projects/seamonkey/

Vendor Information

Mozilla Foundation
http://www.mozilla.org/security/announce/2007/mfsa2007-35.html
http://www.mozilla.org/security/announce/2007/mfsa2007-34.html
http://www.mozilla.org/security/announce/2007/mfsa2007-32.html
http://www.mozilla.org/security/announce/2007/mfsa2007-31.html
http://www.mozilla.org/security/announce/2007/mfsa2007-29.html

References

FrSIRT
http://www.frsirt.com/english/advisories/2007/3544

Secunia
http://secunia.com/advisories/27311/

CVE-Name
CVE-2007-5338
CVE-2007-5337
CVE-2007-3511
CVE-2007-2292
CVE-2007-5339

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003