|
|
>> Mozilla Products Multiple Remote Code Execution and Security Bypass Vulnerabilities
|
Multiple vulnerabilities have been identified in Mozilla Firefox and SeaMonkey, which could be exploited by attackers to take complete control of an affected system or bypass security restrictions.
The first issue is due to memory corruption errors in the layout, SVG and JavaScript engines, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.
The second vulnerability is due to an error in the Mozilla parser that ignores invalid trailing characters in HTML tag attribute names, which could be exploited by attackers to bypass security restrictions and execute arbitrary scripting code.
The third flaw is due to an error when handling web pages that accept user content and do not specify the character set or encoding used, which could be exploited to bypass security restrictions and conduct cross site scripting attacks.
The fourth issue is due to an error when loading and caching certain documents, which could be exploited by attackers to steal sensitive data from a particular web page.
The fifth issue is due to an error when handling custom cursors, which could allow malicious websites to spoof browser UI elements (e.g. hostname or security indicators) by using a large cursor and adjusting the CSS3 hotspot property.
The sixth vulnerability is due to an error when handling blocked popups, which could be exploited by attackers to gain unauthorized read access to arbitrary files.
The seventh issue is due to buffer overflow errors in the Network Security Services (NSS) when processing a certificate with a public key too small to encrypt the "Master Secret" or when handling invalid parameters while negotiating an SSLv2 session, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.
The eighth vulnerability is due to a memory corruption error when handling "onUnload" events and self-modifying "document.write()" calls, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.
Other issues have also been fixed. For additional information, see : VUPEN/ADV-2006-4662 - VUPEN/ADV-2007-0032 - VUPEN/ADV-2007-0624
Affected Products
Mozilla Firefox versions prior to 2.0.0.2
Mozilla Firefox versions prior to 1.5.0.10
Mozilla SeaMonkey versions prior to 1.0.8
Network Security Services (NSS) versions prior to 3.11.5
Solution
Upgrade to Mozilla Firefox version 2.0.0.2 or 1.5.0.10 :
http://www.mozilla.com/firefox/
Upgrade to Mozilla SeaMonkey version 1.0.8 :
http://www.mozilla.org/projects/seamonkey/
Upgrade to Network Security Services (NSS) version 3.11.5 :
http://www.mozilla.org/projects/security/pki/nss/
References
http://www.vupen.com/english/advisories/2007/0718
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
http://www.mozilla.org/security/announce/2007/mfsa2007-04.html
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
http://www.mozilla.org/security/announce/2007/mfsa2007-08.html
Credits
Vulnerabilities reported by Jesse Ruderman, Martijn Wargers, Olli Pettay, Tom Ferris, Brian Crowder, Igor Bukanov, Johnny Stenback, moz_bug_r_a4, shutdown, Stefan Esser, Stefano Di Paola, Aad, David Eckel, Michal Zalewski, regenrecht and iDefense Labs.
ChangeLog
2007-02-24 : Initial release
2007-02-25 : Updated References
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
