Thread-topic: Mozilla Firefox Multiple Vulnerabilities
> Mozilla Firefox Multiple Vulnerabilities
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Highly critical
> Spoofing, Manipulation of data, Exposure of sensitive information,
> DoS, System access
> From remote
> Mozilla Firefox 2.0.x
> Some vulnerabilities and a weakness have been reported in Mozilla
> Firefox, which can be exploited by malicious people to disclose
> sensitive information, conduct phishing attacks, manipulate certain
> data, and potentially compromise a user's system.
> 1) Various errors in the browser engine can be exploited to cause a
> memory corruption.
> a memory corruption.
> Successful exploitation of these vulnerabilities may allow execution
> of arbitrary code.
> 3) An error in the handling of onUnload events can be exploited to
> read and manipulate the document's location of new pages.
> 4) Input passed to the user ID when making an HTTP request using
> Digest Authentication is not properly sanitised before being used in
> a request. This can be exploited to insert arbitrary HTTP headers
> into a user's request when a proxy is used.
> 5) An error when displaying web pages written in the XUL markup
> language can be exploited to hide the window's title bar and
> facilitate phishing attacks.
> 6) An error exists in the handling of "smb:" and "sftp:" URI schemes
> on Linux systems with gnome-vfs support. This can be exploited to
> read any file owned by the target user via a specially crafted page
> on the same server.
> Successful exploitation requires that the attacker has write access
> to a mutually accessible location on the target server and the user
> is tricked into loading the malicious page.
> 7) An unspecified error in the handling of "XPCNativeWrappers" can
> privileges via subsequent access by the browser chrome (e.g. when a
> user right-clicks to open a context menu).
> This is related to vulnerability #6 in:
> Update to version 18.104.22.168.
> NOTE: Additional fixes have been added to prevent the exploitation of
> a URI handling vulnerability in Microsoft Windows.
> For more information:
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits:
> 1) L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson,
> Olli Pettay, Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and
> Martijn Wargers
> 2) Igor Bukanov, Eli Friedman, and Jesse Ruderman
> 3) Michal Zalewski
> 4) Stefano Di Paola
> 5) Eli Friedman
> 6) Georgi Guninski
> 7) moz_bug_r_a4
> ORIGINAL ADVISORY:
> OTHER REFERENCES: