[PCWorks] Mozilla Firefox Multiple Vulnerabilities
- From: "Clint Hamilton-PCWorks Admin-OrpheusComputing.com & ComputersCustomBuilt.com" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
- To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
- Date: Thu, 27 Mar 2008 09:47:57 -0500
TITLE:
Mozilla Firefox Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA29526
VERIFY ADVISORY:
http://secunia.com/advisories/29526/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of
sensitive information, System access
WHERE:
From remote
SOFTWARE:
Mozilla Firefox 2.0.x
http://secunia.com/product/12434/
DESCRIPTION:
Some vulnerabilities and weaknesses have been reported in
Mozilla
Firefox, which can be exploited by malicious people to bypass
certain
security restrictions, disclose potentially sensitive
information,
conduct cross-site scripting and phishing attacks, and
potentially
compromise a user's system.
1) An unspecified error in the handling of "XPCNativeWrappers"
can
lead to the execution of arbitrary Javascript code with the
user's
privileges via "setTimeout()" calls.
This is related to vulnerability #7 in:
SA27311
2) Various errors in the handling of Javascript code can be
exploited
to conduct cross-site scripting attacks or execute arbitrary
code.
3) Various errors in the layout engine can be exploited to
cause a
memory corruption.
4) Various errors in the Javascript engine can be exploited to
cause
a memory corruption.
Successful exploitation of these vulnerabilities may allow
execution
of arbitrary code.
5) An error within the handling of HTTP "Referer:" headers sent
with
requests to URLs containing "Basic Authentication" credentials
having
an empty username can be exploited to bypass cross-site request
forgery protections.
6) The problem is that Firefox offers a previously configured
private
SSL certificate when establishing connections to webservers
requesting
SSL Client Authentication. This can potentially be exploited to
disclose sensitive information via a malicious webserver.
7) An error in the handling of the "jar:" protocol can be
exploited
to establish connections to arbitrary ports on the local
machine.
This is related to vulnerability #10 in:
SA29239
8) An error when displaying XUL pop-up windows can be exploited
to
hide the window's borders and facilitate phishing attacks.
The vulnerabilities are reported in versions prior to 2.0.0.13.
SOLUTION:
Update to version 2.0.0.13.
ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2008/mfsa2008-14.html
http://www.mozilla.org/security/announce/2008/mfsa2008-15.html
http://www.mozilla.org/security/announce/2008/mfsa2008-16.html
http://www.mozilla.org/security/announce/2008/mfsa2008-17.html
http://www.mozilla.org/security/announce/2008/mfsa2008-18.html
http://www.mozilla.org/security/announce/2008/mfsa2008-19.html
OTHER REFERENCES:
SA27311:
http://secunia.com/advisories/27311/
SA29239:
http://secunia.com/advisories/29239/
=========================
The list's FAQ's can be seen by sending an email to
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.
To unsubscribe, subscribe, set Digest or Vacation to on or off, go to
//www.freelists.org/list/pcworks . You can also send an email to
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your
member list settings can be found at
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have
access to numerous other email options.
The list archives are located at //www.freelists.org/archives/pcworks/ .
All email posted to the list will be placed there in the event anyone needs to
look for previous posts.
Other related posts:
