CERT-In Advisory
CIAD-2006-0048
Multiple Vulnerabilities in Mozilla Products
Original Issue Date: December 21, 2006
Severity Rating: High
Systems Affected
- Mozilla Firefox versions prior to 2.0.0.1
- Mozilla Firefox versions prior to 1.5.0.9
- Mozilla Thunderbird versions prior to 1.5.0.9
- Mozilla SeaMonkey versions prior to 1.0.7
Overview
Multiple vulnerabilities have been reported in Mozilla products, which could be exploited by attackers to conduct cross site scripting attacks and bypass certain security restrictions.
Description
1. Multiple memory corruption error vulnerabilities (CVE-2006-6497)
Multiple vulnerabilities have been reported in Mozilla products due to memory corruption errors in the layout engine and the JavaScript engine. It has been observed that if the floating point precision of the CPU is reduced, js_dtoa may fail to exit and overwrite subsequent memory.
2. CSS cursor image buffer overflow vulnerability (CVE-2006-6500)
A heap overflow vulnerability has been reported in Firefox when setting the cursor property of certain images on Windows. It may allow an attacker to compromise the victim's system.
3. Privilege escalation vulnerability in JavaScript watch function (CVE-2006-6501)
A privilege escalation vulnerability has been reported in the JavaScript watch function, which could allow an attacker to compromise a remote system and install malware.
4. LiveConnect crash finalizing JS objects (CVE-2006-6502)
LiveConnect is the bridge code that allows Java applets and web page JavaScript to communicate. A vulnerability has been reported in LiveConnect in which an already-freed object is re-used. This could allow an attacker to crash the vulnerable application.
5. Cross site scripting vulnerability by setting img.src to javascript (CVE-2006-6503)
An XSS vulnerability has been reported in Mozilla products in the handling of the "src" attribute of an "IMG" element loaded in a frame. This could allow a remote attacker to conduct cross site scripting attacks and steal credentials and financial data.
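As an added illustration of the defensive side of this issue (example code, not part of the CERT-In advisory or of Mozilla's code): a server-side check a web application can apply to user-supplied image URLs before emitting an IMG tag, so that a javascript: (or other script-capable) scheme never reaches the browser regardless of the browser version. The function names, the accepted-scheme policy and the fallback path are assumptions made for the example.

```python
import html
import re
from urllib.parse import urlsplit

# Schemes a web application chooses to accept for an image source
# (policy assumption for this example; protocol-relative and relative
# URLs inherit the page's own scheme and are accepted as well).
ALLOWED_SCHEMES = {"http", "https"}

# Browsers strip ASCII control characters and whitespace from a URL before
# parsing its scheme, so "java\tscript:" is still a javascript: URL to the
# browser. Strip the same characters before inspecting the scheme.
_CONTROL_OR_SPACE = re.compile(r"[\x00-\x20\x7f]")

# Hypothetical placeholder image served when a value is rejected.
FALLBACK_SRC = "/static/blank.png"


def is_safe_image_src(value: str) -> bool:
    """Return True only if the value resolves to an http(s) or relative URL."""
    # Undo one layer of HTML entity encoding first ("javascript&#58;..."
    # becomes "javascript:..." once the browser decodes the attribute value).
    cleaned = _CONTROL_OR_SPACE.sub("", html.unescape(value))
    if not cleaned:
        return False
    try:
        scheme = urlsplit(cleaned).scheme.lower()
    except ValueError:
        # urlsplit rejects some malformed authorities; treat them as unsafe.
        return False
    if scheme == "":
        # No scheme at all: a relative URL that inherits the page's scheme.
        return True
    return scheme in ALLOWED_SCHEMES


def sanitize_image_src(value: str) -> str:
    """Return the original value if it passes the check, else the fallback."""
    return value if is_safe_image_src(value) else FALLBACK_SRC


def render_img_tag(value: str) -> str:
    """Build an IMG tag with a checked src and an attribute-escaped value."""
    return '<img src="%s">' % html.escape(sanitize_image_src(value), quote=True)


if __name__ == "__main__":
    for candidate in ("https://example.com/logo.png", "/img/logo.png",
                      "javascript:alert(1)", " JaVa\tScRiPt:alert(1)",
                      "javascript&#58;alert(1)"):
        print(repr(candidate), "->", render_img_tag(candidate))
```

The check works on the scheme the browser would actually parse, not on a string prefix, which is why the entity decoding and control-character stripping come before the scheme comparison; a prefix check on the raw value would miss all three of the rejected variants in the usage loop.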
6. Mozilla SVG Processing Remote Code Execution vulnerability (CVE-2006-6504)
A memory corruption vulnerability has been reported when appending an SVG comment DOM node from one document into another type of document, such as HTML. This could allow a remote attacker to execute arbitrary commands on the vulnerable system.
7. Mail header processing heap overflow error (CVE-2006-6505)
Multiple heap-based buffer overflow vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey. These may allow remote attackers to execute arbitrary commands by using long Content-Type headers or long encoded (MIME non-ASCII) headers.
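To show the detection side of this issue, an added example that is not part of the advisory or of Mozilla's code: a small gateway-side check in Python that flags messages whose Content-Type header or RFC 2047 encoded-words are far longer than a normal mail client would generate, so that such messages can be quarantined before an unpatched client parses them. The Content-Type size limit is a policy assumption, the 75-character encoded-word bound is the RFC 2047 limit, and both sample messages are constructed for the example.

```python
import re

# Policy bound for a single Content-Type value (assumption for this example;
# legitimate values are a MIME type, a charset and a boundary, well under this).
MAX_CONTENT_TYPE = 256

# RFC 2047 limits each encoded-word ("=?charset?B?...?=") to 75 characters.
MAX_ENCODED_WORD = 75

ENCODED_WORD = re.compile(r"=\?[^?]+\?[bBqQ]\?[^?]*\?=")


def split_headers(raw_message: str):
    """Return the unfolded header block as a list of (name, value) tuples."""
    text = raw_message.replace("\r\n", "\n")
    header_block = text.split("\n\n", 1)[0]
    headers = []
    for line in header_block.split("\n"):
        if line[:1] in (" ", "\t") and headers:
            # Folded continuation line: join it onto the previous header.
            name, value = headers[-1]
            headers[-1] = (name, value + line)
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return headers


def scan_headers(raw_message: str):
    """Return a list of findings; an empty list means nothing looked abnormal."""
    findings = []
    for name, value in split_headers(raw_message):
        if name.lower() == "content-type" and len(value) > MAX_CONTENT_TYPE:
            findings.append("Content-Type value is %d chars (limit %d)"
                            % (len(value), MAX_CONTENT_TYPE))
        for word in ENCODED_WORD.findall(value):
            if len(word) > MAX_ENCODED_WORD:
                findings.append("%s: encoded-word of %d chars exceeds RFC 2047 limit %d"
                                % (name, len(word), MAX_ENCODED_WORD))
        if any(ord(c) > 127 for c in value):
            # Raw non-ASCII in a header is itself a protocol violation.
            findings.append("%s: raw non-ASCII characters in header" % name)
    return findings


# Constructed sample messages (not real mail).
SAMPLE_CLEAN = (
    "From: sender@example.com\n"
    "Subject: =?UTF-8?B?SGVsbG8=?=\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "body\n"
)

SAMPLE_SUSPECT = (
    "From: sender@example.com\n"
    "Subject: =?UTF-8?B?" + "QQ" * 60 + "?=\n"
    'Content-Type: multipart/mixed; boundary="' + "x" * 300 + '"\n'
    "\n"
    "body\n"
)


if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("suspect", SAMPLE_SUSPECT)):
        print(label, scan_headers(sample) or ["no findings"])
```

The scanner inspects the raw header text without decoding it, which is the point: the overflow is triggered during decoding, so the check has to run on the undecoded form, and an oversized boundary or encoded-word is a usable quarantine signal on its own.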
8. RSS Feed-preview referrer leak vulnerability (CVE-2006-6506)
It has been observed that the "Feed Preview" feature of Mozilla Firefox sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak.
9. Cross site scripting vulnerability using outer window's Function object (CVE-2006-6507)
It has been observed that a Function prototype regression could be exploited to bypass the XSS protection. This could allow a remote attacker to steal sensitive information from arbitrary sites or perform destructive actions on behalf of a logged-in user.
Solution
Upgrade to Mozilla Firefox version 2.0.0.1 or 1.5.0.9
http://www.mozilla.com/firefox/
Upgrade to Mozilla Thunderbird version 1.5.0.9
http://www.mozilla.com/thunderbird/
Upgrade to Mozilla SeaMonkey version 1.0.7
http://www.mozilla.org/projects/seamonkey/
Vendor Information
Mozilla Foundation
http://www.mozilla.org
References
RedHat
https://rhn.redhat.com/errata/RHSA-2006-0758.html
FrSIRT
http://www.frsirt.com/english/advisories/2006/5068
Secunia
http://secunia.com/advisories/23282/
Security Focus
http://www.securityfocus.com/bid/21668
Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
http://www.mozilla.org/security/announce/2006/mfsa2006-69.html
http://www.mozilla.org/security/announce/2006/mfsa2006-70.html
http://www.mozilla.org/security/announce/2006/mfsa2006-73.html
http://www.mozilla.org/security/announce/2006/mfsa2006-74.html
http://www.mozilla.org/security/announce/2006/mfsa2006-75.html
http://www.mozilla.org/security/announce/2006/mfsa2006-76.html
CVE Name
CVE-2006-6497
CVE-2006-6498
CVE-2006-6499
CVE-2006-6500
CVE-2006-6501
CVE-2006-6502
CVE-2006-6503
CVE-2006-6504
CVE-2006-6505
CVE-2006-6506
CVE-2006-6507
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India