Mozilla Firefox 3 URI Launching and XUL Error Page Vulnerabilities

Posted on Wednesday, July 16, 2008 @ 18:19:25 PDT in Security
by Raven

SECUNIA ADVISORY ID: SA31106

VERIFY ADVISORY: http://secunia.com/advisories/31106/

CRITICAL: Highly critical

IMPACT: Security Bypass, Spoofing, System access

SOFTWARE: Mozilla Firefox 3.x - http://secunia.com/product/19089/

DESCRIPTION: Some vulnerabilities have been reported in Firefox 3, which can be exploited by malicious people to bypass certain security restrictions, potentially conduct spoofing attacks, or compromise a user's system. The vulnerabilities are reported in versions prior to 3.0.1.

1) A vulnerability can be exploited to launch e.g. "file" or "chrome:" URIs in Firefox. For more information see: SA31120

2) Input passed to XUL based error pages is not properly sanitised before being returned to a user and can be exploited to e.g. conduct spoofing attacks. In combination with vulnerability #1 this can be exploited to inject arbitrary script code and execute arbitrary code in "chrome" context, but requires that a specially crafted URI is passed to Firefox and that Firefox is not running.

SOLUTION: Update to version 3.0.1 - http://www.mozilla.com/en-US/firefox/

PROVIDED AND/OR DISCOVERED BY: The vendor credits:
1) Billy Rios
2) Ben Turner and Dan Veditz (Mozilla developers)

ORIGINAL ADVISORY: MFSA 2008-35: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
 
 
click Related        click Share
 
 
Associated Topics

Internet
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 361,981,497
  • Today: 95,727
Server InfoServer Info
  • Jul 19, 2018
  • 08:11 pm PDT
 
 

Daily Inspiration