Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
Mozilla Firefox Multiple Flaws Permit Remote Code Execution, Information Disclosure, and Cross-Site Scripting Attacks
|
|
SecurityTracker Alert ID: 1026605 |
|
SecurityTracker URL: http://securitytracker.com/id/1026605
|
|
CVE Reference:
CVE-2011-3659, CVE-2012-0442, CVE-2012-0443, CVE-2012-0444, CVE-2012-0445, CVE-2012-0446, CVE-2012-0447, CVE-2012-0449, CVE-2012-0450
(Links to External Site)
|
Updated: Feb 1 2012
|
Original Entry Date: Feb 1 2012
|
Impact:
Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 3.2.26; prior to 10.0
|
Description:
Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks. A remote user can obtain cross-domain information. A local user can obtain potentially sensitive information.
A remote user can create a specially crafted content that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target user's system [CVE-2012-0442, CVE-2012-0443]. The code will run with the privileges of the target user.
A remote user can bypass HTML5 frame navigation controls, replacing a sub-frame in a target domain's document by using the name attribute of the sub-frame as a form submission target [CVE-2012-0445]. Version 3.6 is not affected.
In certain situations, a removed child node of nsDOMAttribute can be accessed [CVE-2011-3659].
Frame scripts can bypass XPConnect security checks when calling untrusted objects, allowing a remote user to conduct cross-site scripting attacks via web pages and Firefox extensions [CVE-2012-0446].
The 'image/vnd.microsoft.icon' output may include uninitialized memory [CVE-2012-0447]. A remote user may be able to access potentially sensitive data, such as when a PNG image is converted from an ICO format. Version 3.6 is not affected.
A remote user can create a specially crafted Ogg Vorbis file that, when loaded by the target user, will trigger a memory corruption error and potentially execute arbitrary code on the target user's system [CVE-2012-0444].
A remote user can create a specially crafted embedded XSLT stylesheet that, when loaded by the target user, will trigger a memory corruption error and potentially execute arbitrary code on the target user's system [CVE-2012-0449].
When a user exports their Firefox Sync key, the "Firefox Recovery Key.html" file is created with unsafe permissions [CVE-2012-0450]. A local user on Linux/UNIX-based systems may be able to read the file. Version 3.6 is not affected.
Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse Ruderman, Jan Odvarko, Peter Van Der Beken, Bill McCloskey, Bob Clary, Alex Dvorov, regenrecht (via TippingPoint's Zero Day Initiative), moz_bug_r_a4, Tim Abraldes, Nicolas Gregoire, Aki Helin, and magicant starmen reported these vulnerabilities.
|
Impact:
A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A remote user can obtain potentially sensitive information from other domains.
A local user can obtain potentially sensitive information.
|
Solution:
The vendor has issued a fix (3.6.26, 10.0).
The vendor's advisories are available at:
http://www.mozilla.org/security/announce/2012/mfsa2012-01.html
http://www.mozilla.org/security/announce/2012/mfsa2012-03.html
http://www.mozilla.org/security/announce/2012/mfsa2012-04.html
http://www.mozilla.org/security/announce/2012/mfsa2012-05.html
http://www.mozilla.org/security/announce/2012/mfsa2012-06.html
http://www.mozilla.org/security/announce/2012/mfsa2012-07.html
http://www.mozilla.org/security/announce/2012/mfsa2012-08.html
http://www.mozilla.org/security/announce/2012/mfsa2012-09.html
|
Vendor URL: www.mozilla.org/security/announce/2012/mfsa2012-01.html (Links to External Site)
|
Cause:
Access control error, Boundary error, Input validation error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 01 Feb 2012 02:43:34 +0000
Subject: Mozilla Firefox
|
http://www.mozilla.org/security/announce/2012/mfsa2012-01.html
http://www.mozilla.org/security/announce/2012/mfsa2012-03.html
http://www.mozilla.org/security/announce/2012/mfsa2012-04.html
http://www.mozilla.org/security/announce/2012/mfsa2012-05.html
http://www.mozilla.org/security/announce/2012/mfsa2012-06.html
http://www.mozilla.org/security/announce/2012/mfsa2012-07.html
http://www.mozilla.org/security/announce/2012/mfsa2012-08.html
http://www.mozilla.org/security/announce/2012/mfsa2012-09.html
CVE-2011-3659
CVE-2012-0442
CVE-2012-0443
CVE-2012-0444
CVE-2012-0445
CVE-2012-0446
CVE-2012-0447
CVE-2012-0449
CVE-2012-0450
|
|
Go to the Top of This SecurityTracker Archive Page
|
