[PCWorks] Firefox 2 Multiple Vulnerabilities

• From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
• To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
• Date: Fri, 14 Nov 2008 06:37:12 -0600

TITLE:
Mozilla Firefox 2 Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA32693

VERIFY ADVISORY:
http://secunia.com/advisories/32693/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Exposure of system information, Exposure of
sensitive information, System access

WHERE:
From remote

SOFTWARE:
Mozilla Firefox 2.0.x
http://secunia.com/advisories/product/12434/

DESCRIPTION:
Some vulnerabilities have been reported in Mozilla Firefox, 
which can
be exploited by malicious people to disclose sensitive 
information,
bypass certain security restrictions, or compromise a user's 
system.

1) An error in the processing of ".url" shortcuts can be 
exploited to
obtain sensitive information from the local cache.

For more information:
SA32192

2) An error in the handling of HTTP redirect requests can be
exploited to bypass the same-origin policy and access sensitive
information from another domain.

3) An error exists when testing if a Flash module is 
dynamically
unloaded. This can be exploited to dereference memory no longer
mapped to the Flash module via an SWF file that dynamically 
unloads
itself from an outside JavaScript function.

4) An error when locking a non-native object can be exploited 
to
cause a crash via a web page assigning a specially crafted 
value to
the "window.__proto__.__proto__" object.

5) An error in the browser engine can be exploited to cause a 
memory
corruption.

6) Two errors in the JavaScript engine can be exploited to 
cause
memory corruptions.

Successful exploitation of vulnerabilities #3-#6 may allow 
execution
of arbitrary code.

7) An error in the browser's restore feature can be exploited 
to
violate the same-origin policy and run arbitrary JavaScript 
code in
the context of another site.

NOTE: The vulnerability can also be exploited to execute 
arbitrary
JavaScript code with chrome privileges.

8) An error in the processing of the "http-index-format" MIME 
type
can be exploited to execute arbitrary code via a specially 
crafted
200 header line included in an HTTP index response.

9) An error in the DOM constructing code can be exploited to
dereference uninitialized memory and potentially execute 
arbitrary
code by modifying certain properties of a file input element 
before
the element has finished initializing.

10) An error in the implementation of the
"nsXMLHttpRequest::NotifyEventListeners()" method can be 
exploited to
execute arbitrary JavaScript code in the context of another 
site.

11) An error when handling the "-moz-binding" CSS property can 
be
exploited to manipulate signed JAR files and execute arbitrary
JavaScript code in the context of another site.

12) An error exists when parsing the default XML namespace of 
an E4X
document. This can be exploited to inject arbitrary XML code 
via a
specially crafted namespace containing quote characters.

The vulnerabilities are reported in versions prior to 2.0.0.18.

SOLUTION:
Update to version 2.0.0.18.
http://www.mozilla.com/en-US/firefox/all-older.html

ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2008/mfsa2008-47.html
http://www.mozilla.org/security/announce/2008/mfsa2008-48.html
http://www.mozilla.org/security/announce/2008/mfsa2008-49.html
http://www.mozilla.org/security/announce/2008/mfsa2008-50.html
http://www.mozilla.org/security/announce/2008/mfsa2008-52.html
http://www.mozilla.org/security/announce/2008/mfsa2008-53.html
http://www.mozilla.org/security/announce/2008/mfsa2008-54.html
http://www.mozilla.org/security/announce/2008/mfsa2008-55.html
http://www.mozilla.org/security/announce/2008/mfsa2008-56.html
http://www.mozilla.org/security/announce/2008/mfsa2008-57.html
http://www.mozilla.org/security/announce/2008/mfsa2008-58.html

OTHER REFERENCES:
SA32192:
http://secunia.com/advisories/32192/


=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

• » [PCWorks] Firefox 2 Multiple Vulnerabilities
• » [PCWorks] Firefox 2 Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin
• » [PCWorks] Firefox 2 Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin

1. Home
2. pcworks
3. Archive
4. 11-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---