Mozilla & Firefox - Three Vulnerabilities

Ramona · 2005/02/08

TITLE:
Mozilla / Firefox Three Vulnerabilities

SECUNIA ADVISORY ID:
SA14160

VERIFY ADVISORY:
http://secunia.com/advisories/14160/

CRITICAL:
Less critical

IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data

WHERE:
>From remote

SOFTWARE:
Mozilla Firefox 1.x
http://secunia.com/product/4227/
Mozilla Firefox 0.x
http://secunia.com/product/3256/
Mozilla 1.7.x
http://secunia.com/product/3691/
Mozilla 1.6
http://secunia.com/product/3101/
Mozilla 1.5
http://secunia.com/product/2478/
Mozilla 1.4
http://secunia.com/product/1481/
Mozilla 1.3
http://secunia.com/product/1480/
Mozilla 1.2
http://secunia.com/product/3100/
Mozilla 1.1
http://secunia.com/product/98/
Mozilla 1.0
http://secunia.com/product/97/
Mozilla 0.x
http://secunia.com/product/772/

DESCRIPTION:
mikx has discovered three vulnerabilities in Mozilla and Firefox,
which can be exploited by malicious people to plant malware on a
user's system, conduct cross-site scripting attacks and bypass
certain security restrictions.

1) Mozilla and Firefox validate an image against the "Content-Type "
HTTP header, but uses the file extension from the URL when saving an
image after a drag and drop event. This can e.g. be exploited to
plant a valid image with an arbitrary file extension and embedded
script code (e.g. .bat file) on the desktop by tricking a user into
performing a certain drag and drop event.

2) Missing URI handler validation when dragging a "javascript:" URL
to another tab can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of an arbitrary site by
tricking a user into dragging a malicious link to another tab.

3) An error in the restriction of URI handlers loaded via plugins can
be exploited to link to certain restricted URIs (e.g. about:config).

This can further be exploited to trick a user into changing some
sensitive configuration settings.

The vulnerabilities have been confirmed in Mozilla 1.7.5 and Firefox
1.0. Other versions may also be affected.

SOLUTION:
The vulnerabilities have been fixed in the CVS repository.

PROVIDED AND/OR DISCOVERED BY:
mikx

ORIGINAL ADVISORY:
1) http://www.mikx.de/index.php?p=8
2) http://www.mikx.de/index.php?p=9
3) http://www.mikx.de/index.php?p=10

OTHER REFERENCES:
1) https://bugzilla.mozilla.org/show_bug.cgi?id=279945
2) https://bugzilla.mozilla.org/show_bug.cgi?id=280056
3) https://bugzilla.mozilla.org/show_bug.cgi?id=280664
Click to expand...

Bmoore1129 · 2005/02/09

Ramona

SOLUTION:
The vulnerabilities have been fixed in the CVS repository.
Click to expand...

What or where is this CVS repository? Is this something we users can do?

I'm glad you keep an eye on these things. We would be lost without your vigilance.

Ramona · 2005/02/09

Bill,

CVS client-server access method lets developers access the latest code from anywhere there's an Internet connection.

CVS isn't for end users, it's for developers, so the Secunia Advisories are misleading in that respect. Developers must run the CVS software in order to access the code.

We will have to wait for a new Security Release from Mozilla/Firefox. Mozilla is very fast to respond to these security vulnerabilities, so I doubt if we have a long wait. If you want to read more about CVS, see this site: What's CVS?

Ramona

Log in or Sign up

Mozilla & Firefox - Three Vulnerabilities

Ramona Geek Member Alumni Thread Starter

Bmoore1129 Geek Member

Ramona Geek Member Alumni Thread Starter

Share This Page

Log in or Sign up

Mozilla & Firefox - Three Vulnerabilities

Ramona Geek Member Alumni Thread Starter

Bmoore1129 Geek Member

Ramona Geek Member Alumni Thread Starter

Share This Page

Useful Searches