[PCWorks] Mozilla Firefox Multiple Vulnerabilities
- From: "Clint Hamilton-OrpheusComputing.com & ComputersCustomBuilt.com" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
- To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
- Date: Sat, 20 Oct 2007 00:18:32 -0500
TITLE:
Mozilla Firefox Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA27311
VERIFY ADVISORY:
http://secunia.com/advisories/27311/
CRITICAL:
Highly critical
IMPACT:
Spoofing, Manipulation of data, Exposure of sensitive
information,
DoS, System access
WHERE:
From remote
SOFTWARE:
Mozilla Firefox 2.0.x
http://secunia.com/product/12434/
DESCRIPTION:
Some vulnerabilities and a weakness have been reported in
Mozilla
Firefox, which can be exploited by malicious people to disclose
sensitive information, conduct phishing attacks, manipulate
certain
data, and potentially compromise a user's system.
1) Various errors in the browser engine can be exploited to
cause a
memory corruption.
2) Various errors in the Javascript engine can be exploited to
cause
a memory corruption.
Successful exploitation of these vulnerabilities may allow
execution
of arbitrary code.
3) An error in the handling of onUnload events can be exploited
to
read and manipulate the document's location of new pages.
4) Input passed to the user ID when making an HTTP request
using
Digest Authentication is not properly sanitised before being
used in
a request. This can be exploited to insert arbitrary HTTP
headers
into a user's request when a proxy is used.
5) An error when displaying web pages written in the XUL markup
language can be exploited to hide the window's title bar and
facilitate phishing attacks.
6) An error exists in the handling of "smb:" and "sftp:" URI
schemes
on Linux systems with gnome-vfs support. This can be exploited
to
read any file owned by the target user via a specially crafted
page
on the same server.
Successful exploitation requires that the attacker has write
access
to a mutually accessible location on the target server and the
user
is tricked into loading the malicious page.
7) An unspecified error in the handling of "XPCNativeWrappers"
can
lead to execution of arbitrary Javascript code with the user's
privileges via subsequent access by the browser chrome (e.g.
when a
user right-clicks to open a context menu).
This is related to vulnerability #6 in:
SA26095
SOLUTION:
Update to version 2.0.0.8.
NOTE: Additional fixes have been added to prevent the
exploitation of
a URI handling vulnerability in Microsoft Windows.
ORIGINAL ADVISORY:
Mozilla:
http://www.mozilla.org/security/announce/2007/mfsa2007-29.html
http://www.mozilla.org/security/announce/2007/mfsa2007-30.html
http://www.mozilla.org/security/announce/2007/mfsa2007-31.html
http://www.mozilla.org/security/announce/2007/mfsa2007-33.html
http://www.mozilla.org/security/announce/2007/mfsa2007-34.html
http://www.mozilla.org/security/announce/2007/mfsa2007-35.html
http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
OTHER REFERENCES:
SA26095:
http://secunia.com/advisories/26095/
=========================
The list's FAQ's can be seen by sending an email to
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.
To unsubscribe, subscribe, set Digest or Vacation to on or off, go to
//www.freelists.org/list/pcworks . You can also send an email to
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your
member list settings can be found at
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have
access to numerous other email options.
The list archives are located at //www.freelists.org/archives/pcworks/ .
All email posted to the list will be placed there in the event anyone needs to
look for previous posts.
Other related posts:
