Advisories

CERT-In Advisory CIAD-2005-0021

Multiple Vulnerabilities in Mozilla Products

Original Issue Date: September 26, 2005

Severity Rating: High

Systems Affected

Mozilla Firefox version 1.0.6 and prior
Mozilla 1.7.x and prior

Overview

Multiple vulnerabilities have been reported in Mozilla and Mozilla Firefox.

Impact

Execute arbitrary code
Bypass security checks
Conduct spoofing attacks
Cross site scripting attacks.

Description

1. Heap overrun in XBM image processing vulnerability

A heap overflow vulnerability has been reported in processing of a specially crafted XBM images. The ProcessData function of the nsXBMDecoder class parse the data of an XBM's format image. This vulnerability could cause during the re-processing of XBM image format ending with space characters instead of the expected end tag within the libpr0n module. An attacker who successfully exploited this vulnerability could execute arbitrary code on remote system.

2. XMLHttpRequest header spoofing vulnerability

This vulnerability occurs when malformed header characters are added to XMLHttpRequest. To exploit this vulnerability a remote attacker construct a malicious webpage and entice users to visit this webpage. An attacker who successfully exploited this vulnerability could caused to spoof XMLHttpRequest headers and able to spoof XMLHttp requests to other hosts. This could lead to data theft on shared hosts.

3. JavaScript integer overflow vulnerability

An integer overflow in vulnerability has been reported in the JavaScript engine of Mozilla products. This can be used to exploit and run arbitrary code under certain favorable conditions.

4. Privilege escalation using about: scheme vulnerability

It has been seen that when about:mozilla page is opened and changed some contents on this page by using javascript, the url is changed to reflect the location of the actual page. This can be used in conjunction with a cross-site scripting vulnerability to achieve chrome privileges. It is possible to craft a malicious URL to load "about:blank". Once laoded by a remote user, an attacker can load "about:plugins" and abuse its privileges by XSS attacks.

5. Chrome window spoofing vulnerability

An error has been reported where a high privileged "chrome" pages could be loaded from an unprivileged "about:" page. This could be used to execute arbitrary commands.

Solution

Apply appropriate patches as suggested by vendor or upgrade to higher versions where applicable.

Vendor Information

Mozilla Foundation
http://www.mozilla.org/security/announce/mfsa2005-58.html

References

Security Tracker Alert
http://securitytracker.com/alerts/2005/Sep/1014955.html

Secunia Advosories
http://secunia.com/advisories/16917/

FrSirt Advisory
http://www.frsirt.com/english/advisories/2005/1824

Securityfocus
http://www.securityfocus.com/bid/14917
http://www.securityfocus.com/bid/14918
http://www.securityfocus.com/bid/14919
http://www.securityfocus.com/bid/14920
http://www.securityfocus.com/bid/14921
http://www.securityfocus.com/bid/14923

CVE Name
CAN-2005-2871
CAN-2005-2968
CAN-2005-2701
CAN-2005-2702
CAN-2005-2703
CAN-2005-2704
CAN-2005-2705
CAN-2005-2706
CAN-2005-2707

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India