CERT-In Advisory
CIAD-2009-0059
Multiple Vulnerabilities in Mozilla Products
Original Issue Date: December 21, 2009
Severity Rating: High
Systems Affected
- Mozilla Firefox versions 3.5.x prior to 3.5.6
- Mozilla Firefox versions 3.0.x prior to 3.0.16
- Mozilla SeaMonkey versions prior to 2.0.1
Overview
Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey, which could allow a remote attacker to bypass certain security restrictions, disclose potentially sensitive information, conduct spoofing attacks, manipulate certain data, cause denial of service conditions, execute arbitrary code, or potentially compromise an affected system.
Description
1. 'liboggplay' Media Library Remote Memory Corruption Vulnerability (CVE-2009-3388)
This vulnerability is caused by multiple memory corruption errors within the liboggplay library in Mozilla Firefox and SeaMonkey. A remote attacker could exploit this vulnerability via a specially crafted media file to trigger a memory corruption error in liboggplay. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code or cause denial of service conditions.
2. Theora Video Library Remote Integer Overflow Vulnerability (CVE-2009-3389)
This vulnerability is caused by an integer overflow error in the Theora (libtheora) video library used in Mozilla Firefox and SeaMonkey. A remote attacker could exploit this vulnerability via a specially crafted video file to trigger a heap-based buffer overflow. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code or cause denial of service conditions.
3. JavaScript Engine, Browser Engine Multiple Memory Corruption Vulnerabilities (CVE-2009-3979, CVE-2009-3980, CVE-2009-3981, CVE-2009-3982)
Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey due to various memory corruption errors in the JavaScript and browser engines when parsing malformed data. A remote attacker could exploit these vulnerabilities via a specially crafted HTML page to trigger memory corruption errors in the JavaScript engine and the browser engine.
Successful exploitation of these vulnerabilities could allow a remote attacker to cause denial of service conditions or potentially execute arbitrary code.
4. NTLM Credential Reflection Authentication Bypass Vulnerability (CVE-2009-3983)
This vulnerability is caused by an error in the implementation of the NTLM (NT LAN Manager) authentication protocol in Mozilla Firefox and SeaMonkey. A remote attacker could exploit this vulnerability via a specially crafted web page to conduct NTLM reflection attacks in which NTLM credentials from one application could be forwarded to another arbitrary application via the browser.
Successful exploitation of this vulnerability could allow a remote attacker to bypass certain security restrictions and launch further attacks against the victim.
5. document.location SSL Indicator and URL Spoofing Vulnerabilities (CVE-2009-3984, CVE-2009-3985)
Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey due to errors in processing the "document.location" property when handling HTTP redirections to "https://" URLs and invalid URLs. A remote attacker could exploit these vulnerabilities via a specially crafted web page to spoof the URL in the location bar and display the SSL indicator near the location bar while the user is visiting an insecure web page.
Successful exploitation of these vulnerabilities could allow a remote attacker to spoof the URL bar SSL status and the URL bar contents.
6. 'window.opener' Property Privilege Escalation Vulnerability (CVE-2009-3986)
This vulnerability is caused by an error in handling the "window.opener" property when opening content windows from a chrome window in Mozilla Firefox and SeaMonkey. A remote attacker could exploit this vulnerability by tricking a user into opening a content window from a chrome window and using the "window.opener" property to access functions in the chrome window.
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary JavaScript code with elevated chrome privileges.
7. GeckoActiveXObject Exception Message COM Object Information Disclosure Vulnerability (CVE-2009-3987)
This vulnerability is caused by an error in "GeckoActiveXObject", which generates different exception messages depending on whether or not the requested COM object's ProgID is present in the system registry, in Mozilla Firefox and SeaMonkey. A remote attacker could exploit this vulnerability to enumerate a list of COM objects installed on the affected system and potentially track a user across browsing sessions.
Successful exploitation of this vulnerability could allow a remote attacker to disclose potentially sensitive information.
Solution
Upgrade to Mozilla Firefox version 3.5.6 or 3.0.16 or later
http://www.mozilla.com/firefox/
Upgrade to Mozilla SeaMonkey version 2.0.1
http://www.mozilla.org/projects/seamonkey/
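The following Python example is added here and is not part of the CERT-In advisory: it triages a software inventory against the affected version ranges and fixed releases listed above. The inventory rows, host names and status labels are constructed for illustration; versions that are not strictly numeric are flagged for manual review rather than guessed.

```python
import re

# Fixed releases per Firefox branch, from "Systems Affected" / "Solution".
FIREFOX_FIXED = {(3, 5): (3, 5, 6), (3, 0): (3, 0, 16)}
SEAMONKEY_FIXED = (2, 0, 1)  # every SeaMonkey release before this is affected

def parse_version(text):
    """Return a tuple of ints for strictly numeric versions, else None."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        return None  # e.g. '3.0.16pre': do not guess, send for manual review
    return tuple(int(p) for p in text.split("."))

def classify(product, version):
    """Status labels are this example's own: affected/fixed/not-listed/unknown."""
    v = parse_version(version)
    if v is None:
        return "unknown"
    name = product.strip().lower()
    if name == "seamonkey":
        return "affected" if v < SEAMONKEY_FIXED else "fixed"
    if name == "firefox":
        fixed = FIREFOX_FIXED.get(v[:2])
        if fixed is None:
            return "not-listed"  # branch outside the advisory's scope
        return "affected" if v < fixed else "fixed"
    return "not-listed"

def triage(inventory):
    """Keep only rows that need patching or manual review."""
    rows = [(h, p, ver, classify(p, ver)) for h, p, ver in inventory]
    return [r for r in rows if r[3] in ("affected", "unknown")]

# Constructed sample inventory: (host, product, installed version).
SAMPLE = [
    ("ws-01", "Firefox", "3.5.5"),
    ("ws-02", "Firefox", "3.5.6"),
    ("ws-03", "Firefox", "3.0.15"),
    ("ws-04", "SeaMonkey", "2.0"),
    ("ws-05", "Firefox", "3.6"),
    ("ws-06", "Firefox", "3.0.16pre"),
]

if __name__ == "__main__":
    for host, product, version, status in triage(SAMPLE):
        print(f"{host}: {product} {version} -> {status}")
```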
Vendor Information
Mozilla
http://www.mozilla.com/en-US/
References
Mozilla
http://www.mozilla.org/security/announce/2009/mfsa2009-65.html
http://www.mozilla.org/security/announce/2009/mfsa2009-66.html
http://www.mozilla.org/security/announce/2009/mfsa2009-67.html
http://www.mozilla.org/security/announce/2009/mfsa2009-68.html
http://www.mozilla.org/security/announce/2009/mfsa2009-69.html
http://www.mozilla.org/security/announce/2009/mfsa2009-70.html
http://www.mozilla.org/security/announce/2009/mfsa2009-71.html
Bugzilla
https://bugzilla.mozilla.org/buglist.cgi?bug_id=515811,522374,457514,506267,479931,293347,494617,516237
https://bugzilla.mozilla.org/buglist.cgi?bug_id=495875,470487
https://bugzilla.mozilla.org/show_bug.cgi?id=468771
https://bugzilla.mozilla.org/buglist.cgi?bug_id=510518,513981,514999,524121
https://bugzilla.mozilla.org/buglist.cgi?bug_id=504843,523816
https://bugzilla.mozilla.org/buglist.cgi?bug_id=515882,504613
https://bugzilla.mozilla.org/show_bug.cgi?id=487872
https://bugzilla.mozilla.org/show_bug.cgi?id=521461
https://bugzilla.mozilla.org/show_bug.cgi?id=514232
https://bugzilla.mozilla.org/show_bug.cgi?id=522430
https://bugzilla.mozilla.org/show_bug.cgi?id=503451
Secunia
http://secunia.com/advisories/37699/
SecurityFocus
http://www.securityfocus.com/bid/37369
http://www.securityfocus.com/bid/37366
http://www.securityfocus.com/bid/37370
http://www.securityfocus.com/bid/37365
http://www.securityfocus.com/bid/37368
http://www.securityfocus.com/bid/37367
http://www.securityfocus.com/bid/37360
SecurityTracker
http://securitytracker.com/alerts/2009/Dec/1023336.html
http://securitytracker.com/alerts/2009/Dec/1023334.html
http://securitytracker.com/alerts/2009/Dec/1023343.html
http://securitytracker.com/alerts/2009/Dec/1023341.html
http://securitytracker.com/alerts/2009/Dec/1023345.html
http://securitytracker.com/alerts/2009/Dec/1023347.html
ISS XFORCE
http://xforce.iss.net/xforce/xfdb/54804
http://xforce.iss.net/xforce/xfdb/54807
http://xforce.iss.net/xforce/xfdb/54805
http://xforce.iss.net/xforce/xfdb/54799
http://xforce.iss.net/xforce/xfdb/54806
http://xforce.iss.net/xforce/xfdb/54808
http://xforce.iss.net/xforce/xfdb/54803
http://xforce.iss.net/xforce/xfdb/54798
VUPEN
http://www.vupen.com/english/advisories/2009/3547
CVE Name
CVE-2009-3388
CVE-2009-3389
CVE-2009-3979
CVE-2009-3980
CVE-2009-3981
CVE-2009-3982
CVE-2009-3983
CVE-2009-3984
CVE-2009-3985
CVE-2009-3986
CVE-2009-3987
CWE Name
CWE-94
CWE-189
CWE-200
CWE-399
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India