|
|
>> Mozilla Suite and Firefox Multiple Code Execution Vulnerabilities
|
Twelve vulnerabilities were identified in Mozilla Suite and Firefox, which may be exploited by malicious web sites to execute arbitrary commands or conduct spoofing and cross site scripting attacks.
- An improper cloning of base objects could allow web content scripts to walk up the prototype chain to get to a privileged object, which could be exploited by attackers to execute arbitrary code.
- An input validation error in the processing of XHTML documents containing fake <IMG> elements could be exploited by malicious web sites to execute scripting code with elevated "chrome" privileges.
- JavaScript dialog boxes do not display or include their origin, which allows a new window to open e.g. a prompt dialog box, which appears to be from a trusted site. See : VUPEN/ADV-2005-0820
- An input validation error in the processing of javascript URLs opened by media players could be exploited by attackers to execute arbitrary code.
- An error in the processing of "top.focus()" calls could be exploited by attackers to conduct spoofing and/or cross site scripting attacks.
- A regression error could be exploited by attackers to inject arbitrary JavaScript code from one page into the frameset of another site.
- An input validation error in the "InstallVersion.compareTo()" function when handling specially crafted objects could be exploited by attackers to run arbitrary code or conduct denial of service attacks.
- An input validation error in the processing of "data:" URLs could be exploited by attackers to conduct cross site scripting attacks.
- An error in the "InstallTrigger.install()" method could be exploited to conduct cross site scripting attacks.
- An error when handling Wallpapers could be exploited by attackers to run arbitary code on a vulnerable system by convincing a user to use the "Set As Wallpaper" context menu item on a specially crafted image.
- Scripts in XBL controls from web content are run even when Javascript was disabled.
- An error in the browser UI when handling user/synthetic events could be exploited by attackers to execute arbitrary code.
Affected Products
Mozilla Firefox 1.0.4 and prior
Mozilla Suite 1.7.8 and prior
Thunderbird 1.0.2 and prior
Solution
Upgrade to Mozilla Firefox 1.0.6, Mozilla Suite 1.7.10 and Thunderbird 1.0.5 :
http://www.mozilla.org/products/
References
http://www.vupen.com/english/advisories/2005/1075
http://www.mozilla.org/security/announce/mfsa2005-56.html
http://www.mozilla.org/security/announce/mfsa2005-55.html
http://www.mozilla.org/security/announce/mfsa2005-54.html
http://www.mozilla.org/security/announce/mfsa2005-53.html
http://www.mozilla.org/security/announce/mfsa2005-52.html
http://www.mozilla.org/security/announce/mfsa2005-51.html
http://www.mozilla.org/security/announce/mfsa2005-50.html
http://www.mozilla.org/security/announce/mfsa2005-49.html
http://www.mozilla.org/security/announce/mfsa2005-48.html
http://www.mozilla.org/security/announce/mfsa2005-47.html
http://www.mozilla.org/security/announce/mfsa2005-46.html
http://www.mozilla.org/security/announce/mfsa2005-45.html
Credits
Vulnerabilities reported by moz_bug_r_a4, shutdown, Secunia, Michael Krax, Kohei Yoshino, Matthew Mastracci, Omar Khan, and Jochen.
ChangeLog
2005-07-12 : Initial release
2005-07-16 : Updated CVE
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
