TITLE: Mozilla Firefox Multiple Vulnerabilities SECUNIA ADVISORY ID: SA29526 VERIFY ADVISORY: http://secunia.com/advisories/29526/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access WHERE: From remote SOFTWARE: Mozilla Firefox 2.0.x http://secunia.com/product/12434/ DESCRIPTION: Some vulnerabilities and weaknesses have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user's system. 1) An unspecified error in the handling of "XPCNativeWrappers" can lead to the execution of arbitrary Javascript code with the user's privileges via "setTimeout()" calls. This is related to vulnerability #7 in: SA27311 2) Various errors in the handling of Javascript code can be exploited to conduct cross-site scripting attacks or execute arbitrary code. 3) Various errors in the layout engine can be exploited to cause a memory corruption. 4) Various errors in the Javascript engine can be exploited to cause a memory corruption. Successful exploitation of these vulnerabilities may allow execution of arbitrary code. 5) An error within the handling of HTTP "Referer:" headers sent with requests to URLs containing "Basic Authentication" credentials having an empty username can be exploited to bypass cross-site request forgery protections. 6) The problem is that Firefox offers a previously configured private SSL certificate when establishing connections to webservers requesting SSL Client Authentication. This can potentially be exploited to disclose sensitive information via a malicious webserver. 7) An error in the handling of the "jar:" protocol can be exploited to establish connections to arbitrary ports on the local machine. This is related to vulnerability #10 in: SA29239 8) An error when displaying XUL pop-up windows can be exploited to hide the window's borders and facilitate phishing attacks. The vulnerabilities are reported in versions prior to 2.0.0.13. SOLUTION: Update to version 2.0.0.13. ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2008/mfsa2008-14.html http://www.mozilla.org/security/announce/2008/mfsa2008-15.html http://www.mozilla.org/security/announce/2008/mfsa2008-16.html http://www.mozilla.org/security/announce/2008/mfsa2008-17.html http://www.mozilla.org/security/announce/2008/mfsa2008-18.html http://www.mozilla.org/security/announce/2008/mfsa2008-19.html OTHER REFERENCES: SA27311: http://secunia.com/advisories/27311/ SA29239: http://secunia.com/advisories/29239/ ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts.