Category: Application (Web Browser) > Mozilla Firefox
Vendors: Mozilla.org
(Red Hat Issues Fix) Mozilla Firefox Input Validation Hole in jar: Protocol Handler Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID: 1018993
SecurityTracker URL: http://securitytracker.com/id/1018993
CVE Reference: CVE-2007-5947
Date: Nov 27 2007
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 2.0.0.9
Description:   A vulnerability was reported in Mozilla Firefox. A remote user can conduct cross-site scripting attacks.

The jar: protocol handler does not properly validate the MIME types of archive contents. A remote user can upload a specially crafted zip file (or certain other files). Then, when the target user loads a jar: URL that points to the zip file, arbitrary scripting code will be executed by the target user's browser. The code will originate from the site permitting the file upload and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Jesse Ruderman, pdp, and beford.org separately reported this vulnerability.

The original reports are available at:

https://bugzilla.mozilla.org/show_bug.cgi?id=369814
http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues
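The upload-site half of the problem above is the part a site operator can act on: the jar: handler keys on the archive structure inside the served file, not on the MIME type the site declares for it, so a site that stores user uploads as images or documents can still end up hosting an openable archive. The check below is an added defender-side example, not code from SecurityTracker, Red Hat or Mozilla; `looks_like_zip` and `upload_allowed` are names chosen here, and the sample uploads are constructed inline.

```python
import io
import struct
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"  # first bytes of an ordinary ZIP file
ZIP_EOCD = b"PK\x05\x06"          # end-of-central-directory record signature
EOCD_MAX_TAIL = 22 + 65535        # fixed EOCD size plus the longest comment

def looks_like_zip(data: bytes) -> bool:
    """True when the bytes carry a ZIP container an archive reader would
    open, even if the file starts with another format's magic. Readers find
    the EOCD record from the end, so scan for it there and sanity-check the
    central-directory offset and size against the blob length."""
    if data.startswith(ZIP_LOCAL_HEADER):
        return True
    tail = data[-EOCD_MAX_TAIL:]
    idx = tail.rfind(ZIP_EOCD)
    if idx == -1 or len(tail) - idx < 22:
        return False
    fields = struct.unpack("<4sHHHHIIH", tail[idx:idx + 22])
    cd_size, cd_offset = fields[5], fields[6]
    return cd_offset + cd_size <= len(data)

def upload_allowed(data: bytes, declared_type: str) -> bool:
    """Upload policy: accept an archive only under an archive MIME type the
    site expects; reject anything else that embeds a ZIP structure, so the
    stored file cannot later be opened through a jar: URL in this origin."""
    archive_types = {"application/zip", "application/java-archive"}
    if declared_type in archive_types:
        return looks_like_zip(data)
    return not looks_like_zip(data)

def _make_zip(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample uploads for this example (not files from the advisory).
PNG_UPLOAD = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
ZIP_UPLOAD = _make_zip({"page.html": b"<p>archive content</p>"})
IMAGE_WITH_ARCHIVE = b"GIF89a" + b"\x00" * 64 + ZIP_UPLOAD

if __name__ == "__main__":
    for label, blob, mime in [("png", PNG_UPLOAD, "image/png"),
                              ("zip", ZIP_UPLOAD, "application/zip"),
                              ("gif+zip", IMAGE_WITH_ARCHIVE, "image/gif")]:
        print(label, "allowed" if upload_allowed(blob, mime) else "rejected")
```

A check like this belongs next to the existing extension and MIME validation of an upload handler, since neither of those sees an archive appended after a valid image header.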

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site that allows certain types of file uploads, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   Red Hat has released a fix.

The Red Hat advisory is available at:

https://rhn.redhat.com/errata/RHSA-2007-1082.html

Vendor URL: www.mozilla.org/security/announce/2007/mfsa2007-37.html
Cause:   Input validation error
Underlying OS:  Linux (Red Hat Enterprise)
Underlying OS Comments:  4, 5

Message History:   This archive entry is a follow-up to the message listed below.
Nov 9 2007 Mozilla Firefox Input Validation Hole in jar: Protocol Handler Permits Cross-Site Scripting Attacks



 Source Message Contents

Subject:  [RHSA-2007:1082-01] Critical: firefox security update



---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2007:1082-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-1082.html
Issue date:        2007-11-26
Updated on:        2007-11-26
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-5947 CVE-2007-5959 CVE-2007-5960 
---------------------------------------------------------------------

1. Summary:

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4.5.z - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4.5.z - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

394211 - CVE-2007-5947 Mozilla jar: protocol XSS
394241 - CVE-2007-5959 Multiple flaws in Firefox
394261 - CVE-2007-5960 Mozilla Cross-site Request Forgery flaw

6. RPMs required:


These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5960
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.



-- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

 
 

