Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FW: [SA28758] Mozilla Firefox Multiple Vulnerabilities
> ----------------------------------------------------------------------
>
> TITLE:
> Mozilla Firefox Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA28758
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/28758/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> Security Bypass, Cross Site Scripting, Spoofing, Exposure of
> sensitive information, DoS, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Mozilla Firefox 2.0.x
> http://secunia.com/product/12434/
>
> DESCRIPTION:
> Some vulnerabilities and weaknesses have been reported Mozilla
> Firefox, which can be exploited by malicious people to disclose
> sensitive information, bypass certain security restrictions, conduct
> spoofing attacks, or to compromise a user's system.
>
> 1) Various errors in the browser engine can be exploited to cause a
> memory corruption.
>
> 2) Various errors in the Javascript engine can be exploited to cause
> a memory corruption.
>
> Successful exploitation of these vulnerabilities may allow execution
> of arbitrary code.
>
> 3) A weakness is caused due to a design error within the focus
> handling and can potentially be exploited to trick a user into
> uploading arbitrary files.
>
> This is related to:
> SA25904
>
> 4) An error in the Javascript engine can be exploited to run
> Javascript code with "chrome" privileges.
>
> 5) An error in the Javascript engine can be exploited to bypass the
> same-origin policy via the "XMLDocument.load()" function.
>
> 6) An error exists in the handling of images when a user leaves a
> page, which uses "designMode" frames. This can be exploited to
> disclose the user's navigation history, forward navigation
> information, and to cause a memory corruption.
>
> Successful exploitation of this vulnerability may allow execution of
> arbitrary code.
>
> 7) A design error related to timer-enabled dialogs can be exploited
> to trick a user into unintentionally confirming a security dialog.
>
> 8) The problem is that Firefox follows "302" redirects for
> stylesheets and allows reading the target URL via
> "element.sheet.href". This can potentially be exploited to disclose
> sensitive URL parameters.
>
> The vulnerabilities are reported in versions prior to 2.0.0.12.
>
> SOLUTION:
> Update to version 2.0.0.12.
> http://www.mozilla.com/en-US/firefox/2.0.0.12/releasenotes/#download
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits:
> 1) Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and
> Paul Nickerson
> 2) Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4,
> shutdown, Philip Taylor, and tgirmann
> 3) hong and Gregory Fleisher
> 4) moz_bug_r_a4 and Boris Zbarsky
> 5) moz_bug_r_a4
> 6) David Bloom
> 7) Michal Zalewski
> 8) Martin Straka
>
> ORIGINAL ADVISORY:
> Mozilla Foundation:
> http://www.mozilla.org/security/announce/2008/mfsa2008-01.html
> http://www.mozilla.org/security/announce/2008/mfsa2008-02.html
> http://www.mozilla.org/security/announce/2008/mfsa2008-03.html
> http://www.mozilla.org/security/announce/2008/mfsa2008-05.html
> http://www.mozilla.org/security/announce/2008/mfsa2008-06.html
> http://www.mozilla.org/security/announce/2008/mfsa2008-08.html
> http://www.mozilla.org/security/announce/2008/mfsa2008-10.html
>
> OTHER REFERENCES:
> SA25904:
> http://secunia.com/advisories/25904/
>
|
