|
|
>> Mozilla Products Multiple Remote Code Execution and Security Bypass Vulnerabilities
|
Multiple vulnerabilities have been identified in Mozilla Firefox, Thunderbird and SeaMonkey, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system.
The first issue is caused by memory corruption errors in the layout and JavaScript engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code.
The second vulnerability is caused by an error within the form autocomplete feature when processing malformed data (e.g. an overly long text field), which could be exploited by malicious web sites to crash an affected browser or exhaust all available memory resources, creating a denial of service condition.
The third issue is caused by input validation errors within the processing of cookie path and name values, which could be exploited by attackers to cause a denial of service via a malicious web page.
The fourth issue is caused by a weakness in the APOP authentication, which could be exploited by attackers to potentially obtain sensitive information.
The fifth vulnerability is caused by an error in the "nsEventReceiverSH::AddEventListenerHelper()" [nsDOMClassInfo.cpp] function, which could be exploited by remote attackers to bypass the browser's same-origin policy and access or modify data from arbitrary sites by tricking a user into visiting a specially crafted web page.
The sixth issue is caused by an eror when handling XUL popups, which could be exploited by attackers to spoof or hide parts of the browser chrome such as the location bar.
Affected Products
Mozilla Firefox versions prior to 2.0.0.4
Mozilla Firefox versions prior to 1.5.0.12
Mozilla SeaMonkey versions prior to 1.0.9
Mozilla SeaMonkey versions prior to 1.1.2
Mozilla Thunderbird versions prior to 2.0.0.4
Mozilla Thunderbird versions prior to 1.5.0.12
Solution
Upgrade to Mozilla Firefox version 2.0.0.4 or 1.5.0.12 :
http://www.mozilla.com/firefox/
Upgrade to Mozilla SeaMonkey version 1.0.9 or 1.1.2 :
http://www.mozilla.org/projects/seamonkey/
Upgrade to Mozilla Thunderbird version 2.0.0.4 or 1.5.0.12 :
http://www.mozilla.com/thunderbird/
References
http://www.vupen.com/english/advisories/2007/1994
http://www.mozilla.org/security/announce/2007/mfsa2007-12.html
http://www.mozilla.org/security/announce/2007/mfsa2007-13.html
http://www.mozilla.org/security/announce/2007/mfsa2007-14.html
http://www.mozilla.org/security/announce/2007/mfsa2007-15.html
http://www.mozilla.org/security/announce/2007/mfsa2007-16.html
http://www.mozilla.org/security/announce/2007/mfsa2007-17.html
Credits
Vulnerabilities reported by Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn Wargers, Olli Pettay, Brendan Eich, Igor Bukanov, moz_bug_r_a4, Wladimir Palant, Marcel, Nicolas Derouet, Gaetan Leurent and Chris Thomas.
ChangeLog
2007-05-30 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
