SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Web Browser)  >  Mozilla Firefox Vendors:  Mozilla.org
Firefox Various Overflows and Scripting Errors May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1011318
SecurityTracker URL:  http://securitytracker.com/id?1011318
CVE Reference:  CAN-2004-0902 ,  CAN-2004-0903 ,  CAN-2004-0904 ,  CAN-2004-0905 ,  CAN-2004-0906 ,  CAN-2004-0907 ,  CAN-2004-0908 ,  CAN-2004-0909   (Links to External Site)
Updated:  Sep 26 2004
Original Entry Date:  Sep 16 2004
Impact:  Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Version(s): prior to 1.0 Preview Release
Description:  Several vulnerabilities were reported in Mozilla, Thunderbird, and Firefox. In some of the vulnerabilities, a remote user may be able to execute arbitrary code on the target user's system.

The vendor and various researchers reported ten separate vulnerabilities in Mozilla, Thuderbird, and Firefox.

Georgi Guninski reported a heap overflow vulnerability in 'nsMsgCompUtils.cpp' that may allow a remote user to cause arbitrary code to be executed on the target user's computer [Known security vulnerability #93]. The "send page" function does not properly handle long HTTP URLs. Arbitrary code may be executed if a target user attempts to send an e-mail (such as forwarding a message) that contains a specially crafted link. The original bug report is available at:

http://bugzilla.mozilla.org/show_bug.cgi?id=258005

Wladimir Palant reported that a remote user can create specially crafted javascript code that, when executed by the target user, will be able to access the clipboard on the target user's system [Known security vulnerability #92]. The code can read from and write to the clipboard. The flaw resides in 'nsXBLPrototypeHandler.cpp'.

A demonstration exploit of reading from the clipboard is available at:

http://bugzilla.mozilla.org/attachment.cgi? id=157492&action=view

A demonstration of writing to the clipboard is available at:

http://bugzilla.mozilla.org/attachment.cgi?id=157493&action=view

The original bug report is available at:

http://bugzilla.mozilla.org/show_bug.cgi?id=257523

Jesse Ruderman reported that a remote user can create a signed script that can construct a specially crafted privilege request designed to confuse the target user into granting elevated privileges to the code [Known security vulnerability #91]. The script can invoke enablePrivilege() and supply a parameter containing spaces and English language words to alter the meaning of sentences in the dialog box.

A demonstration exploit is available at:

http://bugzilla.mozilla.org/attachment.cgi?id=154932&action=view

A demonstration exploit screenshot is available at:

http://bugzilla.mozilla.org/attachment.cgi?id=154933&action=view

The original bug report is available at:

http://bugzilla.mozilla.org/show_bug.c gi?id=253942

Georgi Guninski reported that there is a buffer overflow in the processing of VCards [Known security vulnerability #90]. A specially crafted VCard can trigger a stack overflow and execute arbitary code when the VCard is displayed. The flaw resides in 'addrbook/src/nsVCardObj.cpp'.

A demonstration exploit VCard is available at:

http://bugzilla.mozilla.org/attachment.cgi?id=157317&action=view

The original bug report is available at:

http://bugzilla.mozilla.org/show_bug.cgi?id=257314

Gael Delalleau reported an integer overflow in the processing of BMP images [Known security vulnerability #89]. A remote user can create a specially crafted bitmap image that, when loaded by the target user, will trigger the overflow and potentially execute arbitrary code with the privileges of the target user. The original advisory is available at:

http://www.zencomsec.com/advisories/mozilla-1.7.2-BMP.txt

Jesse Ruderman also reported a cross-domain scripting vulnerability [Known security vulnerability #88]. A remote user may be able to create javascript links that, when dragged onto another frame or another page, will execute in the security context of the target location. If the target user drags two links in sequence into a separate window, the code may be able to launch an arbitrary program with the privileges of the target user.

The original bug report is available at:

http://bugzilla.mozilla.org/show_bug.cgi?id=250862

Mats Palmgren and Gael Delalleau reported that a remote user can create a link containing non-ASCII characters in the hostname that, when loaded by the target user, will trigger a heap buffer overflow [Known security vulnerability #87]. It may be possible to execute arbitrary code with the privileges of the target user.

The original advisory is available at:

http://www.zencomsec.com/advisories/mozilla-1.7.2-UTF8link.txt


Ga el Delalleau reported that a remote POP3 mail server can send a specially crafted POP3 response to a connected client to trigger a buffer overflow and execute arbitrary code [Known security vulnerability #86].

The advisory is available at:

http://www.zencomsec.com/advisories/mozilla-1.7.2-POP 3.txt

The bug reports are available at:

http://bugzilla.mozilla.org/show_bug.cgi?id=245066
http://bugzilla.mozilla.org/show_bug.cgi?id=226669

Daniel Koukola and Andrew Schultz reported that, on Linux systems, the software may install with world-writeable and world-readable permissions [Known security vulnerability #85]. A local user can modify the files.

The original bug reports are available at:

http://bugzilla.mozilla.org/show_bug.cgi?id=23108 3
http://bugzilla.mozilla.org/show_bug.cgi?id=235781

Harald Milz reported that, on Linux systems, the software may install with incorrect file owner and permission settings if the user ignores their umask setting or has an overly permissive umask setting when expanding the installation archive [Known security vulnerability #84]. A local user may be able to modify the files. The bug report is available at:

http://bugzilla.mozilla.org/show_bug.cgi?id=254303
Impact:  A remote user can execute arbitrary code on the target user's system with the privileges of the target user.

A remote user can run scripting code in the context of an arbitrary domain.
Solution:  The vendor has released fixed versions (Mozilla 1.7.3, Thunderbird 0.8, and Firefox 1.0 Preview Release), available at:

http://www.mozilla.org/
Vendor URL:  www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 (Links to External Site)
Cause:  Access control error, Boundary error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 21 2004 (Gentoo Issues Fix) Firefox Various Overflows and Scripting Errors May Let Remote Users Execute Arbitrary Code   (Thierry Carrez <koon@gentoo.org>)
Gentoo has released a fix.


 Source Message Contents
Date:  Tue, 14 Sep 2004 00:00:00 -0000
Subject:  http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

 
 
 
> Fixed in Firefox Preview Release, Mozilla 1.7.3, Thunderbird 0.8


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC