Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Mozilla Firefox Multiple Vulnerabilities

-

Release Date:  2009-06-12    Views:  15,978

Secunia Advisory SA35331

Where:

From remote

Impact:

Security Bypass, Spoofing, Exposure of sensitive information, DoS, System access

Solution Status:

Vendor Patch

CVE Reference(s):

Description


Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or to compromise a vulnerable system.

1) A race condition exists when accessing the private data of an NPObject JS wrapper class object if navigating away from a web page while loading a Java applet. This can be exploited via a specially crafted web page to use already freed memory.

Successful exploitation may allow execution of arbitrary code.

This vulnerability is confirmed in Firefox 3.0.7, 3.0.8, and 3.0.9 for Windows with Java JRE 6 Update 13 including npjp2.dll version 6.0.130.3. Other versions may also be affected.

2) Multiple errors in the browser engine can be exploited to corrupt memory and potentially execute arbitrary code.

3) An unspecified error can be exploited to trigger double frame constructions, which could corrupt memory. This can potentially be exploited to execute arbitrary code.

4) Multiple errors in the JavaScript engine can be exploited to corrupt memory and potentially execute arbitrary code.

5) An error in the handling of certain invalid unicode characters, when used as part of an IDN (internationalized domain name), can be exploited to spoof the location bar.

6) An error in the handling of "file:" URIs can be exploited to access any domain's cookies saved on the local machine.

Successful exploitation requires that a user downloads and opens a specially crafted HTML file.

7) An error in the handling of non-200 responses after a CONNECT request to a proxy can be exploited to execute arbitrary HTML and script code in the requested SSL-protected domain.

Successful exploitation requires a MitM (Man-in-the-Middle) attack and that the victim uses a proxy.

8) The owner document of an element can become null after garbage collection. This can be exploited via event handlers to execute arbitrary Javascript code with chrome privileges.

9) An error when loading a "file:" resource via the location bar can potentially be exploited to access the content of other local files, which would normally be protected.

Successful exploitation requires that a victim downloads a specially crafted document, and opens a local file before opening the malicious document in the same browser window.

10) A security issue exists due to improper checks of content-loading policies before loading external script files into XUL documents.

11) A vulnerability exists due to an error when a chrome privileged object (e.g. the browser sidebar or the FeedWriter) interacts with web content. This can be exploited to execute arbitrary code with an object's chrome privileges.


Solution:
Update to version 3.0.11.

Provided and/or discovered by:
1) Jakob Balle and Carsten Eiram, Secunia Research

The vendor credits:
2) Bob Clary, Jesse Ruderman, Alexander Sack, Bret McMillan, Tomeo Vizoso, Matt McCutchen, and Martijn Wargers
3) Boris Zbarsky
4) Jesse Ruderman, Adam Hauner, and Igor Bukanov
5) Pavel Cvrcek
6) Gregory Fleischer
7) Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang
8, 11) moz_bug_r_a4
9) Adam Barth and Collin Jackson
10) Wladimir Palant

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2009-19/

Mozilla Foundation:
http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
http://www.mozilla.org/security/announce/2009/mfsa2009-25.html
http://www.mozilla.org/security/announce/2009/mfsa2009-26.html
http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
http://www.mozilla.org/security/announce/2009/mfsa2009-28.html
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
http://www.mozilla.org/security/announce/2009/mfsa2009-30.html
http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
http://www.mozilla.org/security/announce/2009/mfsa2009-32.html

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Mozilla Firefox Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability