|
|
>> Mozilla Products Remote Code Execution and Cross Site Scripting Vulnerabilities
|
Multiple vulnerabilities have been identified in Mozilla Firefox, SeaMonkey, and Thunderbird, which may be exploited by remote attackers to take complete control of an affected system, bypass security restrictions, or disclose sensitive information.
The first issue is due to buffer overflow errors when processing specially crafted JavaScript regular expressions, which could be exploited by attackers to execute arbitrary commands.
The second issue is due to an error in the auto-update mechanism when validating certificates, which could be exploited by attackers to trick users into accepting unverifiable (often self-signed) certificates as valid and redirect them to a malicious web site.
The third vulnerability is due to memory corruption errors during text display, which could be exploited by attackers to crash a vulnerable application and potentially execute arbitrary commands.
The fourth issue is due to an error in the Network Security Services (NSS) library during RSA signature verification, which could be exploited by attackers to forge signatures. For additional information, see : VUPEN/ADV-2006-3453
The fifth flaw is due to an origin validation error when handling content injected from a web site into a sub-frame of another site using "targetWindow.frames[n].document.open()", which could be exploited by malicious people to conduct cross-domain scripting attacks.
The sixth vulnerability is due to an error where blocked popups from the status bar (blocked popups) icon are always opened in the context of the site listed in the Location (address) bar, which could be exploited by malicious people to conduct cross-site scripting attacks.
The seventh flaw is due to an error where JavaScript code included in remote XBL files is always executed even if JavaScript has been disabled (by default), which could be exploited by attackers to bypass security restrictions and gain knowledge of sensitive information.
The eighth vulnerability is due to memory corruption errors when handling malformed contents, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.
Affected Products
Mozilla Firefox versions prior to 1.5.0.7
Mozilla Thunderbird versions prior to 1.5.0.7
Mozilla SeaMonkey versions prior to 1.0.5
Mozilla Network Security Service (NSS) versions prior to 3.11.3
Solution
Upgrade to Firefox 1.5.0.7, Thunderbird 1.5.0.7, SeaMonkey 1.0.5, and Network Security Service (NSS) 3.11.3 :
http://www.mozilla.org/products/
References
http://www.vupen.com/english/advisories/2006/3617
http://www.mozilla.org/security/announce/2006/mfsa2006-64.html
http://www.mozilla.org/security/announce/2006/mfsa2006-63.html
http://www.mozilla.org/security/announce/2006/mfsa2006-62.html
http://www.mozilla.org/security/announce/2006/mfsa2006-61.html
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
http://www.mozilla.org/security/announce/2006/mfsa2006-59.html
http://www.mozilla.org/security/announce/2006/mfsa2006-58.html
http://www.mozilla.org/security/announce/2006/mfsa2006-57.html
Credits
Vulnerabilities reported by Priit Laes, CanadianGuy, Girts Folkmanis, Catalin Patulea, Jon Oberheide, Jonathan Watt, Michal Zalewski, Philip Mackenzie, Marius Schilder, shutdown, Bernd Mielke, Georgi Guninski, Igor Bukanov, Jesse Ruderman, Martijn Wargers, Mats Palmgren, Olli Pettay, and Weston Carloss.
ChangeLog
2006-09-15 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
