Ravens PHP Scripts

Mozilla Firefox 3 URI Launching and XUL Error Page Vulnerabilities
Date: Wednesday, July 16, 2008 @ 19:19:25 CEST
Topic: Security


SECUNIA ADVISORY ID: SA31106

VERIFY ADVISORY: http://secunia.com/advisories/31106/

CRITICAL: Highly critical

IMPACT: Security Bypass, Spoofing, System access

SOFTWARE: Mozilla Firefox 3.x - http://secunia.com/product/19089/

DESCRIPTION: Some vulnerabilities have been reported in Firefox 3, which can be exploited by malicious people to bypass certain security restrictions, potentially conduct spoofing attacks, or compromise a user's system. The vulnerabilities are reported in versions prior to 3.0.1.



1) A vulnerability can be exploited to launch e.g. "file:" or "chrome:" URIs in Firefox. For more information see: SA31120

2) Input passed to XUL-based error pages is not properly sanitised before being returned to the user and can be exploited to e.g. conduct spoofing attacks. In combination with vulnerability #1 this can be exploited to inject arbitrary script code and execute arbitrary code in "chrome" context; however, this requires that a specially crafted URI is passed to Firefox while Firefox is not running.
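As an added defender-side example (not part of the advisory and not Mozilla's code), the Python below checks a Firefox version string against the affected range stated above (3.x prior to 3.0.1) and screens a URI handed to the browser by an external protocol handler, normalising whitespace, case and percent-encoding before inspecting the scheme. The http/https allowlist in is_safe_external_uri is an assumption; the privileged schemes in PRIVILEGED_SCHEMES are the two named in the advisory.

```python
"""Version and URI-scheme checks for the Firefox 3 issues in SA31106 (added example)."""
import re
from urllib.parse import unquote

# Per the advisory: the 3.x line before 3.0.1 is affected.
FIXED_VERSION = (3, 0, 1)

# Schemes the advisory names as reachable via vulnerability #1.
PRIVILEGED_SCHEMES = {"chrome", "file"}

# Assumption: an external handler should only ever pass web URLs to the browser.
ALLOWED_EXTERNAL_SCHEMES = {"http", "https"}


def parse_version(text):
    """Turn '3.0.1', '3.0' or '3.0b5' into (major, minor, patch); a pre-release suffix is dropped."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version_text):
    """True for Firefox 3.x builds prior to 3.0.1, the range stated in the advisory."""
    v = parse_version(version_text)
    return v[0] == 3 and v < FIXED_VERSION


def uri_scheme(uri):
    """Return the normalised scheme of a URI, or None if it has none.

    Percent-decodes once, drops leading whitespace and embedded tab/CR/LF (as browsers
    do when parsing URLs) and lower-cases the scheme, so 'ChRoMe:' and 'chrome%3A' match.
    """
    text = unquote(uri).lstrip()
    text = text.replace("\t", "").replace("\r", "").replace("\n", "")
    m = re.match(r"^([A-Za-z][A-Za-z0-9+.-]*):", text)
    return m.group(1).lower() if m else None


def is_privileged_scheme(uri):
    """Blocklist view: does the URI target one of the schemes the advisory names?"""
    return uri_scheme(uri) in PRIVILEGED_SCHEMES


def is_safe_external_uri(uri):
    """Allowlist view: only plain web URLs may be handed to the browser from outside."""
    return uri_scheme(uri) in ALLOWED_EXTERNAL_SCHEMES
```

The allowlist check is the one to rely on: a URI with no recognisable scheme (e.g. a double-encoded one) is rejected by it but not flagged by the blocklist.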

SOLUTION: Update to version 3.0.1 - http://www.mozilla.com/en-US/firefox/

PROVIDED AND/OR DISCOVERED BY: The vendor credits:
1) Billy Rios
2) Ben Turner and Dan Veditz (Mozilla developers)

ORIGINAL ADVISORY: MFSA 2008-35: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3381