[windows2000] Cert Multiple vulnerabilities in Mozilla products

• From: "Jim Kenzig http://thin.net" <jimkenz@xxxxxxxxxxxxxx>
• To: thin@xxxxxxxxxxxxx, windows2000@xxxxxxxxxxxxx
• Date: Mon, 20 Sep 2004 15:41:35 -0400

Thought you were safe because you didn't use IE? Think again!
JK

Multiple vulnerabilities in Mozilla products
Original release date: September 17, 2004
Last revised: --
Source: US-CERT

Systems Affected
Mozilla software, including the following:
Mozilla web browser, email and newsgroup client
Firefox web browser
Thunderbird email client

Overview
Several vulnerabilities exist in the Mozilla web browser and derived
products, the most serious of which could allow a remote attacker to execute
arbitrary code on an affected system.

I. Description
Several vulnerabilities have been reported in the Mozilla web browser and
derived products. More detailed information is available in the individual
vulnerability notes:
VU#414240 <http://www.kb.cert.org/vuls/id/414240> - Mozilla Mail vulnerable
to buffer overflow via writeGroup() function in nsVCardObj.cpp
Mozilla Mail contains a stack overflow vulnerability in the display routines
for VCards. By sending an email message with a crafted VCard, a remote
attacker may be able to execute arbitrary code on the victim's machine with
the privileges of the current user. This can be exploited in the preview
mode as well.
VU#847200 <http://www.kb.cert.org/vuls/id/847200> - Mozilla contains integer
overflows in bitmap image decoder
A vulnerability in the way Mozilla and its derived programs handle certain
bitmap images could allow a remote attacker to execute arbitrary code on a
vulnerable system.
VU#808216 <http://www.kb.cert.org/vuls/id/808216> - Mozilla contains heap
overflow in UTF8 conversion of hostname portion of URLs
A vulnerability in the way Mozilla and its derived programs handle certain
malformed URLs could allow a remote attacker to execute arbitrary code on a
vulnerable system.
VU#125776 <http://www.kb.cert.org/vuls/id/125776> - Multiple buffer
overflows in Mozilla POP3 protocol handler
There are multiple buffer overflow vulnerabilities in the Mozilla POP3
protocol handler that could allow a malicious POP3 server to execute
arbitrary code on the affected system.
VU#327560 <http://www.kb.cert.org/vuls/id/327560> - Mozilla "send page"
feature contains a buffer overflow vulnerability
There is a buffer overflow vulnerability in the Mozilla "send page" feature
that could allow a remote attacker to execute arbitrary code.
VU#651928 <http://www.kb.cert.org/vuls/id/651928> - Mozilla allows arbitrary
code execution via link dragging
A vulnerability affecting Mozilla web browsers may allow violation of
cross-domain scripting policies and possibly execute code originating from a
remote source.

II. Impact
These vulnerabilities could allow a remote attacker to execute arbitrary
code with the privileges of the user running the affected application.
VU#847200 <http://www.kb.cert.org/vuls/id/847200> could also allow a remote
attacker to crash an affected application.

III. Solution
Upgrade to a patched version
Mozilla has released versions of the affected software that contain patches
for these issues:
Mozilla 1.7.3 <http://www.mozilla.org/products/mozilla1.x/>
Firefox Preview Release <http://www.mozilla.org/products/firefox/>
Thunderbird 0.8 <http://www.mozilla.org/products/thunderbird/>
Users are strongly encouraged to upgrade to one of these versions.

Appendix A. References
Mozilla Security Advisory -
<<http://www.mozilla.org/projects/security/known-vulnerabilities.html>>
Mozilla 1.7.2 non-ascii hostname heap overrun, Gaël Delalleau -
<<http://www.zencomsec.com/advisories/mozilla-1.7.2-UTF8link.txt>>
Security Audit of Mozilla's .bmp image parsing, Gaël Delalleau -
<<http://www.zencomsec.com/advisories/mozilla-1.7.2-BMP.txt>>
Security Audit of Mozilla's POP3 client protocol, Gaël Delalleau -
<<http://www.zencomsec.com/advisories/mozilla-1.7.2-POP3.txt>>
US-CERT Vulnerability Note VU#414240 -
<<http://www.kb.cert.org/vuls/id/414240>>
US-CERT Vulnerability Note VU#847200 -
<<http://www.kb.cert.org/vuls/id/847200>>
US-CERT Vulnerability Note VU#808216 -
<<http://www.kb.cert.org/vuls/id/808216>>
US-CERT Vulnerability Note VU#125776 -
<<http://www.kb.cert.org/vuls/id/125776>>
US-CERT Vulnerability Note VU#327560 -
<<http://www.kb.cert.org/vuls/id/327560>>
US-CERT Vulnerability Note VU#651928 -
<<http://www.kb.cert.org/vuls/id/651928>>

Mozilla has assigned credit for reporting of these issue to the following:
VU#414240: Georgi Guninski
VU#847200: Gaël Delalleau
VU#808216: Gaël Delalleau and Mats Palmgren
VU#125776: Gaël Delalleau
VU#327560: Georgi Guninski
VU#651928: Jesse Ruderman

Feedback can be directed to the US-CERT Technical Staff
<mailto:cert@xxxxxxxx?subject=TA04-261A%20Feedback%20VU%23414240%20VU%238472
00%20VU%23808216%20VU%23125776%20VU%23327560%20VU%23651928>.

Copyright 2004 Carnegie Mellon University. Terms of use
<http://www.us-cert.gov/legal.html>

Revision History
Sep 17, 2004: Initial release
********************************************************
This Weeks Sponsor StressedPuppy.com Games
Feeling stressed out? Check out our games to
relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

• Follow-Ups:
  • [windows2000] Re: Cert Multiple vulnerabilities in Mozilla products
    • From: Greg Reese

Other related posts:

• » [windows2000] Cert Multiple vulnerabilities in Mozilla products
• » [windows2000] Re: Cert Multiple vulnerabilities in Mozilla products

1. Home
2. windows2000
3. Archive
4. 09-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---