CERT-In Advisory
CIAD-2011-0067
Multiple Vulnerabilities in Mozilla Products
Original Issue Date: November 28, 2011
Severity Rating: High
Systems Affected
- Mozilla Firefox versions prior to 8.0
- Mozilla Firefox versions prior to 3.6.24
- Mozilla Thunderbird versions prior to 8.0
- Mozilla Thunderbird versions prior to 3.1.16
Overview
Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird which could allow a remote attacker to bypass certain security restrictions, disclose potentially sensitive information, conduct Cross-Site Scripting (XSS) attacks, gain elevated privileges, cause a denial of service condition or potentially compromise an affected system.
Description
1. JSSubScriptLoader privilege escalation vulnerability (CVE-2011-3647)
This vulnerability is caused by improper handling of XPCNativeWrappers during calls to the loadSubScript method in an add-on in JSSubScriptLoader in Mozilla Firefox and Thunderbird. A remote attacker could exploit this vulnerability via a specially crafted web site to leverage certain unwrapping behavior. Successful exploitation of this vulnerability could allow a remote attacker to gain elevated privileges.
2. Shift JIS Cross-site scripting (XSS) vulnerability (CVE-2011-3648)
This vulnerability is caused by an error when parsing invalid sequences in the Shift-JIS encoding in Mozilla Firefox and Thunderbird. A remote attacker could exploit this vulnerability via a specially crafted text with Shift JIS encoding to inject arbitrary web script or HTML. Successful exploitation of this vulnerability could allow a remote attacker to conduct Cross-Site Scripting (XSS) attacks.
3. Multiple Memory Corruption Vulnerabilities (CVE-2011-3651, CVE-2011-3652, CVE-2011-3654)
Multiple memory corruption vulnerabilities have been reported in the browser engine when parsing malformed data and in the improper handling of links from SVG mpath elements to non-SVG elements in Mozilla Firefox and Thunderbird. A remote attacker could exploit these vulnerabilities via a specially crafted web page to trigger a memory corruption error. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial of service condition.
4. Firebug Denial of Service Vulnerability (CVE-2011-3650)
This vulnerability is caused by improper handling of JavaScript files that contain many functions when using Firebug in Mozilla Firefox and Thunderbird. A remote attacker with currently logged in user privileges could exploit this vulnerability via a specially crafted file that is accessed by debugging APIs to trigger a memory corruption error. Successful exploitation of this vulnerability could allow a remote attacker to cause a denial of service condition.
5. Direct2D API Same Origin policy bypass Vulnerability (CVE-2011-3649)
This vulnerability is caused due to an error within Windows D2D API hardware acceleration used in conjunction with the Azure graphics back-end in Mozilla Firefox and Thunderbird. A remote attacker could exploit this vulnerability by inserting specially crafted data into a canvas to obtain sensitive image data from a different domain. Successful exploitation of this vulnerability could allow a remote attacker to bypass the Same Origin Policy.
6. WebGL Same Origin policy bypass Vulnerability (CVE-2011-3653)
This vulnerability is caused due to improper interaction with the GPU memory behaviour of a certain driver for Intel integrated GPUs on Mac OS X in Mozilla Firefox and Thunderbird. A remote attacker could exploit this vulnerability via vectors related to WebGL textures to read image data from a different domain. Successful exploitation of this vulnerability could allow a remote attacker to bypass the Same Origin Policy.
7. NoWaiverWrapper Arbitrary code execution Vulnerability (CVE-2011-3655)
This vulnerability is caused by an error within an internal privilege check that does not respect the NoWaiverWrappers restrictions in Mozilla Firefox and Thunderbird. A remote attacker could exploit this vulnerability via a specially crafted web site to gain elevated privileges. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code.
Solution
Upgrade to Mozilla Firefox version 8.0 or 3.6.24:
http://www.mozilla.com/firefox/
Upgrade to Mozilla Thunderbird version 8.0 or 3.1.16:
http://www.mozilla.com/thunderbird/
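The version thresholds above can be checked across a software inventory. The following is an added example, not code from CERT-In or Mozilla; it treats 3.6.x (Firefox) and 3.1.x (Thunderbird) as legacy branches fixed at 3.6.24 and 3.1.16, and every other release as fixed at 8.0. The "<host> <version banner>" line format and the host names are assumptions constructed for illustration, and pre-release suffixes such as "b1" are not handled.

```python
import re

# First fixed releases, from the advisory's "Systems Affected" and "Solution" sections.
# product -> (legacy branch, first fixed legacy release, first fixed mainline release)
FIXED = {
    "firefox": ((3, 6), (3, 6, 24), (8, 0, 0)),
    "thunderbird": ((3, 1), (3, 1, 16), (8, 0, 0)),
}
BANNER_RE = re.compile(r"\b(firefox|thunderbird)\s+(\d+(?:\.\d+)*)", re.IGNORECASE)

def parse_version(text):
    """'3.6' -> (3, 6, 0); padding keeps '8' from comparing lower than '8.0'."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * max(0, 3 - len(parts))

def is_affected(product, version):
    """True if this product/version falls under the advisory's affected ranges."""
    branch, fixed_legacy, fixed_main = FIXED[product.lower()]
    v = parse_version(version)
    if v[:2] == branch:          # legacy branch: compare with its own fix
        return v < fixed_legacy
    return v < fixed_main        # everything else: compare with 8.0

def audit(lines):
    """Return (host, product, version, affected) for each Firefox/Thunderbird line."""
    findings = []
    for line in lines:
        m = BANNER_RE.search(line)
        if m is None:
            continue             # unrelated software, skip
        product, version = m.group(1).lower(), m.group(2)
        findings.append((line.split()[0], product, version, is_affected(product, version)))
    return findings

# Constructed inventory lines (hypothetical hosts), format: "<host> <version banner>"
SAMPLE_INVENTORY = [
    "ws-01 Mozilla Firefox 3.6.23",
    "ws-02 Mozilla Firefox 3.6.24",
    "ws-03 Mozilla Firefox 7.0.1",
    "ws-04 Mozilla Firefox 8.0",
    "ws-05 Thunderbird 3.1.15",
    "ws-06 Thunderbird 3.1.16",
    "ws-07 Mozilla Thunderbird 8.0",
    "ws-08 LibreOffice 3.4.4",
]

if __name__ == "__main__":
    for host, product, version, affected in audit(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} -> {'UPGRADE' if affected else 'ok'}")
```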
Vendor Information
Mozilla
http://www.mozilla.com/en-US/
References
Mozilla
http://www.mozilla.org/security/announce/2011/mfsa2011-46.html
http://www.mozilla.org/security/announce/2011/mfsa2011-47.html
http://www.mozilla.org/security/announce/2011/mfsa2011-48.html
http://www.mozilla.org/security/announce/2011/mfsa2011-49.html
http://www.mozilla.org/security/announce/2011/mfsa2011-50.html
http://www.mozilla.org/security/announce/2011/mfsa2011-51.html
http://www.mozilla.org/security/announce/2011/mfsa2011-52.html
Bugzilla
https://bugzilla.mozilla.org/show_bug.cgi?id=680880
https://bugzilla.mozilla.org/show_bug.cgi?id=690225
https://bugzilla.mozilla.org/buglist.cgi?bug_id=646968,652054,665070,671160,672892,675515,676918,677847,679593,686044
https://bugzilla.mozilla.org/show_bug.cgi?id=682727
https://bugzilla.mozilla.org/show_bug.cgi?id=694953
https://bugzilla.mozilla.org/show_bug.cgi?id=674776
https://bugzilla.mozilla.org/show_bug.cgi?id=655836
https://bugzilla.mozilla.org/show_bug.cgi?id=684882
https://bugzilla.mozilla.org/show_bug.cgi?id=674182
Secunia
http://secunia.com/advisories/46773/
http://secunia.com/advisories/46757/
SecurityFocus
http://www.securityfocus.com/bid/50593
SecurityTracker
http://securitytracker.com/id/1026299
CVE Name
CVE-2011-3647
CVE-2011-3648
CVE-2011-3649
CVE-2011-3650
CVE-2011-3651
CVE-2011-3652
CVE-2011-3653
CVE-2011-3654
CVE-2011-3655
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India