|
Mozilla Firefox / Seamonkey "resource://" Information Disclosure
|
|
|
|
|
Secunia Advisory:
|
SA25481
|
|
|
Release Date:
|
2007-06-01
|
|
Last Update:
|
2007-06-12
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
Exposure of system information
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Mozilla Firefox 1.x
Mozilla Firefox 2.0.x
Mozilla SeaMonkey 1.0.x
Mozilla SeaMonkey 1.1.x
|
| | CVE reference: | CVE-2007-3072 (Secunia mirror)
CVE-2007-3073 (Secunia mirror)
CVE-2007-3074 (Secunia mirror)
|
|
|
This advisory is currently marked as unpatched!
- Companies can be alerted when a patch is released! |
|
|
Description:
A security issue has been reported in Mozilla Firefox and Mozilla Seamonkey, which can be exploited by malicious people to disclose potentially sensitive information.
The security issue is caused due to the browser not properly restricting "resource://" URIs to be loaded into the JavaScript space. Combined with directory traversal due to insufficient filtering of certain character sequences, this can be exploited to disclose e.g. the default security settings.
Note: The directory traversal is fixed in Mozilla Firefox version 2.0.0.4 for Windows. However it is still possible to include files from the installation folder. Also, the directory traversal issue is not fixed for UNIX-like operating systems. Reportedly, this also introduces a new, unspecified input validation flaw.
Solution:
Visit trusted sites only.
Provided and/or discovered by:
Loading of settings first demonstrated in a Proof of Concept by Sergey Vzloman.
Directory traversal reported in Mozilla bugs by shutdown and Boris Zbarsky.
Changelog:
2007-06-12: Added CVE references.
Original Advisory:
http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/
Mozilla Bug 367428:
https://bugzilla.mozilla.org/show_bug.cgi?id=367428
Mozilla Bug 380994:
https://bugzilla.mozilla.org/show_bug.cgi?id=380994
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
71 Related Secunia Security Advisories, displaying 10
|
|
|
1. Mozilla SeaMonkey Javascript Garbage Collector Vulnerability
|
|
2. Mozilla Firefox Javascript Garbage Collector Vulnerability
|
|
3. Mozilla SeaMonkey Multiple Vulnerabilities
|
|
4. Mozilla Firefox Multiple Vulnerabilities
|
|
5. Mozilla SeaMonkey Multiple Vulnerabilities
|
|
6. Mozilla Firefox Multiple Vulnerabilities
|
|
7. Mozilla Firefox "chrome:" Directory Traversal Security Issue
|
|
8. Firefox Charset Inheritance Cross-Site Scripting Security Issue
|
|
9. SeaMonkey Multiple Vulnerabilities
|
|
10. Mozilla Firefox Multiple Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
