Thread-topic: [SA21906] Mozilla Firefox Multiple Vulnerabilities
Vulnerability systematization
> ----------------------------------------------------------------------
>
> TITLE:
> Mozilla Firefox Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA21906
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/21906/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> Security Bypass, Cross Site Scripting, Spoofing, DoS, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Mozilla Firefox 1.x
> http://secunia.com/product/4227/
> Mozilla Firefox 0.x
> http://secunia.com/product/3256/
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Mozilla Firefox, which can
> be exploited by malicious people to conduct man-in-the-middle,
> spoofing, and cross-site scripting attacks, and potentially
> compromise a user's system.
>
> 1) An error in the handling of JavaScript regular expressions
> containing a minimal quantifier can be exploited to cause a
> heap-based buffer overflow.
>
> Successful exploitation may allow execution of arbitrary code.
>
> 2) The auto-update mechanism uses SSL to communicate securely. The
> problem is that users may have accepted an unverifiable self-signed
> certificate when visiting a web site, which will allow an attacker to
> redirect the update check to a malicious web site in a
> man-in-the-middle attack.
>
> 3) Some time-dependent errors during text display can be exploited to
> corrupt memory.
>
> Successful exploitation may allow execution of arbitrary code.
>
> This is related to:
> SA21513
>
> 4) An error exists within the verification of certain signatures in
> the bundled Network Security Services (NSS) library.
>
> For more information:
> SA21903
>
> 5) An error in the cross-domain handling can be exploited to inject
> arbitrary HTML and script code in a sub-frame of another web site via
> a "[window].frames[index].document.open()" call.
>
> 6) An error exists due to blocked popups opened from the status bar
> via the "blocked popups" functionality being opened in an incorrect
> context in certain situations. This may be exploited to execute
> arbitrary HTML and script code in a user's browser session in context
> of an arbitrary web site.
>
> 7) Some unspecified memory corruption errors may be exploited to
> execute arbitrary code.
>
> SOLUTION:
> Update to version 1.5.0.7.
> http://www.mozilla.com/firefox/
>
> PROVIDED AND/OR DISCOVERED BY:
> 1) Priit Laes, CanadianGuy, Girts Folkmanis, and Catalin Patulea
> 2) Jon Oberheide
> 3) Jonathan Watt and Michal Zalewski
> 4) Philip Mackenzie and Marius Schilder, Google
> 5-6) shutdown
> 7) Bernd Mielke, Georgi Guninski, Igor Bukanov, Jesse Ruderman,
> Martijn Wargers, Mats Palmgren, Olli Pettay, shutdown, and Weston
> Carloss
>
> ORIGINAL ADVISORY:
> 1) http://www.mozilla.org/security/announce/2006/mfsa2006-57.html
> 2) http://www.mozilla.org/security/announce/2006/mfsa2006-58.html
> 3) http://www.mozilla.org/security/announce/2006/mfsa2006-59.html
> 4) http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
> 5) http://www.mozilla.org/security/announce/2006/mfsa2006-61.html
> 6) http://www.mozilla.org/security/announce/2006/mfsa2006-62.html
> 7) http://www.mozilla.org/security/announce/2006/mfsa2006-64.html
>
> OTHER REFERENCES:
> SA21513:
> http://secunia.com/advisories/21513/
>
> SA21903:
> http://secunia.com/advisories/21903/
>