About Us | Contact Us

 


 

VUPEN Free Resources
 
  VUPEN Security Advisories
 
  VUPEN Security Blog & News
  Zero-day Attacks Monitor
  Daily Security Mailinglist
  Explanation of Terms
  Advanced Search Engine
 
   

Mozilla Products Code Execution and Security Bypass Vulnerabilities

VUPEN ID VUPEN/ADV-2009-0313
CVE ID CVE-2009-0352 - CVE-2009-0353 - CVE-2009-0354 - CVE-2009-0355 - CVE-2009-0356 - CVE-2009-0357 - CVE-2009-0358
 
CWE ID Available in VUPEN VNS Customer Area
CVSS V2 Available in VUPEN VNS Customer Area
Rated as Critical 
Impact Available in VUPEN VNS Customer Area
Authentication Level Available in VUPEN VNS Customer Area
Access Vector Available in VUPEN VNS Customer Area
Release Date 2009-02-03
Share Twitter LinkedIn Facebook Delicious Digg Slashdot

Technical Description

Multiple vulnerabilities have been identified in Mozilla Firefox, SeaMonkey and Thunderbird, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or compromise a vulnerable system.

The first issue is caused by memory corruption errors in the JavaScript and layout engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code.

The second vulnerability is caused by an error when handling a chrome XBL method used in conjunction with "window.eval", which could allow malicious web sites to violate the same origin policy and conduct cross domain scripting attacks.

The third issue exists because a form input control type of a closed tab can be changed when restoring a closed tab, which could allow attackers to disclose the contents of arbitrary files on a vulnerable system.

The fourth vulnerability is caused by an error when processing certain ".desktop" shortcut files, which could be exploited to execute arbitrary code with chrome privileges.

The fifth issue is caused due to cookies marked "HTTPOnly" being readable by JavaScript through the "XMLHttpRequest.getResponseHeader" and "XMLHttpRequest.getAllResponseHeaders" APIs, which could be exploited to gain access to "document.cookie".

The sixth vulnerability is caused due to the "Cache-Control: no-store" and "Cache-Control: no-cache" HTTP directives being ignored, which could cause potentially sensitive information to be cached by the browser, allowing malicious local users to disclose private data.

Affected Products

Mozilla Firefox versions prior to 3.0.6
Mozilla SeaMonkey versions prior to 1.1.15
Mozilla Thunderbird versions prior to 2.0.0.21

Solution 

Upgrade to Mozilla Firefox version 3.0.6 :
http://www.mozilla.com/firefox/

Upgrade to Mozilla SeaMonkey version 1.1.15 :
http://www.mozilla.org/projects/seamonkey/

Upgrade to Mozilla Thunderbird version 2.0.0.21 :
http://www.mozilla.com/thunderbird/

References

http://www.vupen.com/english/advisories/2009/0313
http://www.mozilla.org/security/announce/2009/mfsa2009-01.html
http://www.mozilla.org/security/announce/2009/mfsa2009-02.html
http://www.mozilla.org/security/announce/2009/mfsa2009-03.html
http://www.mozilla.org/security/announce/2009/mfsa2009-04.html
http://www.mozilla.org/security/announce/2009/mfsa2009-05.html
http://www.mozilla.org/security/announce/2009/mfsa2009-06.html

Credits 

Vulnerabilities reported by Jesse Ruderman, Georgi Guninski, Martijn Wargers, Gary Kwong, moz_bug_r_a4, Wladimir Palant, and Paul Nel.

Changelog 

2009-02-03 : Initial release

Feedback 

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Monthly Statistics 

 

 VUPEN Security Advisories By Criticality: Sep 2010


  Critical Risk

 : 14%

  High Risk		 : 3%

  Moderate Risk		 : 45%

  Low Risk		 : 38%

Get a real-time view of the vulnerabilities affecting your systems using the VUPEN VNS reporting capabilities.
 
 

Try VUPEN VNS 

 

 





© 2004-2010 VUPEN Security - Copyright - Privacy Policy