|
|
>> Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
|
Multiple vulnerabilities have been identified in Mozilla Firefox and SeaMonkey, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system.
The first issue is caused by an error in the handling of "XPCNativeWrappers", which could be exploited by attackers to execute arbitrary code by calling "setTimeout()".
The second vulnerability is caused by input validation errors when handling JavaScript, which could be exploited to execute arbitrary scripting code.
The third issue is caused by memory corruption errors in the layout and JavaScript engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code.
The fourth vulnerability is caused by an error when handling certain HTTP "Referer:" headers, which could be exploited to bypass cross-site request forgery filters.
The fifth issue is caused by an error in the default setting for SSL Client Authentication, automatically selecting a client certificate on behalf of the user, which could be exploited by malicious web sites to potentially gain knowledge of sensitive information.
The sixth vulnerability is caused by improper parsing of the content origin passed from the browser to the Java plugin, which could be exploited by attackers to open socket connections to arbitrary ports on a vulnerable system ("localhost") via the "jar:" protocol.
The seventh issue is caused by an error when handling XUL popups, which could be exploited by an attacker to spoof form elements such as a login prompt for a site opened in a different tab and steal the user's login credentials for that site.
Affected Products
Mozilla Firefox versions prior to 2.0.0.13
Mozilla SeaMonkey versions prior to 1.1.9
Solution
Upgrade to Mozilla Firefox version 2.0.0.13 :
http://www.mozilla.com/firefox/
Upgrade to Mozilla SeaMonkey version 1.1.9 :
http://www.mozilla.org/projects/seamonkey/
References
http://www.vupen.com/english/advisories/2008/0998
http://www.mozilla.org/security/announce/2008/mfsa2008-14.html
http://www.mozilla.org/security/announce/2008/mfsa2008-15.html
http://www.mozilla.org/security/announce/2008/mfsa2008-16.html
http://www.mozilla.org/security/announce/2008/mfsa2008-17.html
http://www.mozilla.org/security/announce/2008/mfsa2008-18.html
http://www.mozilla.org/security/announce/2008/mfsa2008-19.html
Credits
Vulnerabilities reported by moz_bug_r_a4, Boris Zbarsky, Johnny Stenback, Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett, Mats Palmgren, georgi, tgirmann, Igor Bukanov, Gregory Fleischer, RSnake, Peter Brodersen, Alexander Klink, and Chris Thomas.
ChangeLog
2008-03-25 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
