CERT-In Advisory
CIAD-2005-0018
Multiple Vulnerabilities in Mozilla Products
Original Issue Date: July 22, 2005
Severity Rating: High
Systems Affected
- Mozilla Firefox version 1.0.4 and prior
- Mozilla Suite 1.7.8 and prior
- Netscape 8.0.2 and prior
- Thunderbird 1.0.2 and prior
Overview
Multiple vulnerabilities have been reported in Mozilla and Mozilla Firefox. These vulnerabilities allow attackers to execute arbitrary code, bypass security checks, execute script code and disclose confidential information.
Description
1. Code execution through shared function objects vulnerability CAN-2005-2270
A remote code execution vulnerability has been reported in the way Mozilla Firefox controls access to shared base objects. A remote user can supply a specially crafted script that, when loaded, can traverse the prototype chain to access a privileged object and then cause the object to execute arbitrary code with elevated privileges.
2. Mozilla Firefox Standalone Application Support may let Remote Users Execute Arbitrary Code CAN-2005-2267
Specially crafted HTML code, when loaded, can invoke an application to execute scripting code that opens a URL in the target user's browser. A 'javascript:' URL opened this way runs in the context of the currently open browser window, i.e., the previous content.
3. XHTML node spoofing vulnerability CAN-2005-2269
It has been reported that Firefox before 1.0.5 and Mozilla before 1.7.9 do not properly verify the associated types of DOM node names, which allows remote attackers to modify certain tag properties and possibly execute arbitrary code.
4. Possibly exploitable crash in InstallVersion.compareTo vulnerability CAN-2005-2265
When InstallVersion.compareTo is called with an object instead of a string, it assumes the object is another InstallVersion without verifying it. When passed a different kind of object, the browser would generally crash with an access violation.
5. Script injection from Firefox sidebar panel using data vulnerability CAN-2005-2264
A missing security check in Mozilla Suite allows the sidebar to inject data: URLs containing scripts into any page open in the browser. This could be used to steal cookies, passwords or other sensitive data.
6. Same-origin violation with InstallTrigger callback vulnerability CAN-2005-2263
The InstallTrigger.install method allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.
7. Mozilla Firefox "Set As Wallpaper" Code Execution Exploit CAN-2005-2262
An error has been reported in the handling of wallpapers in Mozilla Firefox which could be exploited by attackers to run arbitrary code by convincing a user to use the "Set As Wallpaper" context menu item on a specially crafted image.
8. Same origin violation vulnerability via frame calling top.focus CAN-2005-2266
A child frame can call top.focus even if the framing page comes from a different origin and has overridden the focus routine. The call is made in the context of the child frame. The attacker could target a site with a framed page that makes this call but doesn't verify that its parent comes from the same site. By exploiting this vulnerability the attacker could steal cookies and passwords from the framed page, or take actions on behalf of a signed-in user.
9. Content generated event vulnerabilities CAN-2005-2260
The browser user interface (UI) in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events, such as mouse clicks or keystrokes, and untrusted synthetic events, such as those generated by web content. This could allow remote attackers to perform dangerous actions that normally could only be performed manually by the user.
10. Running of XBL scripts with JavaScript disabled CAN-2005-2261
It has been reported that scripts in XBL controls from web content run even when JavaScript is disabled. This could be exploited in combination with most script-based exploits to attack users running vulnerable versions who assume that disabling JavaScript would protect them.
Solution
Apply appropriate patches as suggested by the vendor or upgrade to higher versions where applicable.
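To find the hosts that need the upgrade, the following Python script (an added example, not part of the CERT-In advisory) triages a software inventory against the "Systems Affected" list above. The version thresholds come from that list; the inventory rows, host names and status labels are constructed assumptions.

```python
import re
from itertools import zip_longest

# Last affected versions, copied from this advisory's "Systems Affected" list.
LAST_AFFECTED = {
    "firefox": "1.0.4",
    "mozilla suite": "1.7.8",
    "netscape": "8.0.2",
    "thunderbird": "1.0.2",
}

def parse_version(text):
    """Return a tuple of ints for a purely numeric dotted version, else None."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def compare(a, b):
    """Compare version tuples numerically, padding the shorter one with zeros."""
    for x, y in zip_longest(a, b, fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0

def triage(product, version):
    """Classify one inventory entry: 'affected', 'not listed' or 'review'."""
    limit = LAST_AFFECTED.get(product.strip().lower())
    parsed = parse_version(version)
    if limit is None or parsed is None:
        return "review"  # unknown product or non-numeric version: check by hand
    if compare(parsed, parse_version(limit)) <= 0:
        return "affected"
    return "not listed"  # newer than the range this advisory names

# Constructed sample inventory (host, product, version); not real data.
SAMPLE_INVENTORY = [
    ("ws-01", "Firefox", "1.0"),            # short form must equal 1.0.0
    ("ws-02", "Mozilla Suite", "1.7.12"),   # 12 > 8 numerically, not as text
    ("ws-03", "Thunderbird", "1.0.2"),
    ("ws-04", "Netscape", "8.0.3.1"),
    ("ws-05", "Firefox", "1.0.5rc1"),       # suffix cannot be ordered safely
]

def report(inventory):
    return [(host, triage(product, version)) for host, product, version in inventory]

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

"not listed" only means the version is above the range named in this advisory; it says nothing about later advisories.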
Vendor Information
Mozilla
http://www.mozilla.org/security/announce/mfsa2005-56.html
http://www.mozilla.org/security/announce/mfsa2005-53.html
http://www.mozilla.org/security/announce/mfsa2005-55.html
http://www.mozilla.org/security/announce/mfsa2005-50.html
http://www.mozilla.org/security/announce/mfsa2005-49.html
http://www.mozilla.org/security/announce/mfsa2005-48.html
http://www.mozilla.org/security/announce/mfsa2005-47.html
http://www.mozilla.org/security/announce/mfsa2005-52.html
References
Security Tracker Alert
http://securitytracker.com/alerts/2005/Jul/1014470.html
http://securitytracker.com/alerts/2005/Jul/1014469.html
SecuriTeam Vulnerability Note
http://www.securiteam.com/securitynews/5ZP0E0UGAK.html
http://www.securiteam.com/exploits/5EP031PGBM.html
Secunia Advisories
http://secunia.com/advisories/16062/
http://secunia.com/advisories/15549/
http://secunia.com/advisories/16043
FrSirt Advisory
http://www.frsirt.com/english/advisories/2005/1075
Securityfocus BID 14242
http://www.securityfocus.com/bid/14242/info
CVE Name
CAN-2005-2260
CAN-2005-2261
CAN-2005-2262
CAN-2005-2263
CAN-2005-2264
CAN-2005-2265
CAN-2005-2266
CAN-2005-2267
CAN-2005-2269
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India