Mozilla Products Code Execution and Security Bypass Vulnerabilities
Multiple vulnerabilities have been identified in Mozilla Firefox, SeaMonkey and Thunderbird, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or compromise a vulnerable system.
The first issues are caused by memory corruption errors in the JavaScript and browser engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code.
The second vulnerability is caused by certain invalid Unicode characters being displayed as whitespace in the location bar when used as part of an IDN, which could be exploited to spoof the location bar.
The third weakness is caused by an error when interpreting the "file:" protocol, which could be exploited to access any domain's cookies on a vulnerable system by tricking a user into downloading and opening a malicious file via the browser.
The fourth issue is caused by an error when handling a non-200 response returned by a proxy in reply to a CONNECT request, which could cause the body of the response to be rendered within the context of the request "Host:" header.
The fifth vulnerability is caused by a race condition in "NPObjWrapper_NewResolve" when accessing the properties of an NPObject (a wrapped JSObject), which could be exploited to execute arbitrary code by tricking a user into visiting a specially crafted web page.
The sixth issue is caused by an error when handling event listeners attached to an element whose owner document is null, which could be exploited to execute arbitrary JavaScript with chrome privileges.
The seventh vulnerability is caused by the "file:" resource inheriting the principal of the previously loaded document when loaded via the location bar, which could allow unauthorized access to local files.
The eighth issue is caused by content-loading policies not being checked before loading external script files into XUL documents, which could be exploited to bypass restrictions.
The ninth vulnerability is caused by an unspecified error which could allow scripts from page content to run with elevated privileges, leading to arbitrary code execution.
The tenth issue is caused by a memory corruption error when viewing a multipart/alternative mail message with a text/enhanced part, which could be exploited to crash Thunderbird or SeaMonkey, or execute arbitrary code.
Mozilla Firefox versions prior to 3.0.11
Mozilla Thunderbird versions prior to 2.0.0.22
Mozilla SeaMonkey versions prior to 1.1.17
Upgrade to Mozilla Firefox version 3.0.11:
http://www.mozilla.com/firefox/
Upgrade to Mozilla SeaMonkey version 1.1.17:
http://www.mozilla.org/projects/seamonkey/
Upgrade to Mozilla Thunderbird version 2.0.0.22:
http://www.mozilla.com/thunderbird/
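To triage a software inventory against the fixed versions listed above, the following added example (not part of the original advisory) classifies each install as vulnerable, fixed, or needing manual review. The CSV layout, host names and status labels are assumptions made for illustration; only the three fixed version numbers come from the advisory.

```python
import csv
import io

# First fixed releases, taken from the advisory text above.
FIXED = {
    "firefox": (3, 0, 11),
    "thunderbird": (2, 0, 0, 22),
    "seamonkey": (1, 1, 17),
}

def parse_version(text):
    """Return a tuple of ints, or None if the string is not purely dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def pad(a, b):
    """Right-pad two version tuples with zeros so 3.0 compares equal to 3.0.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))

def status(product, version):
    """Classify one install as 'vulnerable', 'fixed', 'unknown' or 'not-covered'."""
    fixed = FIXED.get(product.strip().lower())
    if fixed is None:
        return "not-covered"
    have = parse_version(version)
    if have is None:
        return "unknown"  # e.g. '3.0.11pre': needs manual review
    have, fixed = pad(have, fixed)
    return "vulnerable" if have < fixed else "fixed"

def triage(inventory_csv):
    """Map (host, product) -> status for every row of a host,product,version CSV."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {(r["host"], r["product"]): status(r["product"], r["version"]) for r in rows}

# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE = """host,product,version
ws-01,Firefox,3.0.10
ws-02,Firefox,3.0.11
ws-03,Thunderbird,2.0.0.21
ws-04,SeaMonkey,1.1.17
ws-05,Firefox,3.0.11pre
ws-06,Opera,9.64
"""

if __name__ == "__main__":
    for key, state in triage(SAMPLE).items():
        print(key, state)
```

Version strings with non-numeric suffixes are reported as unknown rather than guessed, so pre-release or vendor-patched builds get a manual check.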
http://www.vupen.com/english/advisories/2009/1572
http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
http://www.mozilla.org/security/announce/2009/mfsa2009-25.html
http://www.mozilla.org/security/announce/2009/mfsa2009-26.html
http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
http://www.mozilla.org/security/announce/2009/mfsa2009-28.html
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
http://www.mozilla.org/security/announce/2009/mfsa2009-30.html
http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
http://www.mozilla.org/security/announce/2009/mfsa2009-32.html
http://www.mozilla.org/security/announce/2009/mfsa2009-33.html
Vulnerabilities reported by Bob Clary, Jesse Ruderman, Alexander Sack, Bret McMillan, Tomeo Vizoso, Matt McCutchen, Martijn Wargers, Adam Hauner, Igor Bukanov, Pavel Cvrcek, Gregory Fleischer, Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang (Microsoft), Jakob Balle and Carsten Eiram (Secunia Research), moz_bug_r_a4, Adam Barth, Collin Jackson, and Wladimir Palant.
2009-06-11 : Initial release
2009-06-22 : Updated Description and References (MFSA 2009-33)