CERT-MU AD-2009-06
Multiple Vulnerabilities in Mozilla Products
Original issue date: 24 April, 2009
Overview
Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird and SeaMonkey which could allow a remote attacker to bypass certain security restrictions, obtain potentially sensitive information, execute arbitrary code, cause a denial of service or potentially compromise an affected system.
Description
- IDN Subdomain URI Spoofing Vulnerability
This vulnerability is caused by improper rendering of homoglyph characters in the IDN (International Domain Name) support in Mozilla Firefox. A remote attacker could exploit this vulnerability via a URL in a domain (e.g. a ".cn" domain) containing certain international characters that resemble other commonly used characters (e.g. "/" and "?") in the sub-domain part. Successful exploitation of this vulnerability could allow a remote attacker to spoof URLs and conduct phishing attacks.
Note: Mozilla SeaMonkey and Thunderbird are not affected by this issue.
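The following check for a mail gateway or proxy log illustrates the IDN issue above from the defender's side. It is an added example, not code from CERT-MU or Mozilla. It flags host names whose labels contain non-ASCII characters that look like URL delimiters; the function names, the short lookalike table and the sample URL are assumptions made for illustration.

```python
import unicodedata

# Assumption: illustrative, non-exhaustive set of characters that render like
# "/" but do not map to it under NFKC normalisation.
VISUAL_LOOKALIKES = {
    "\u2044": "/",  # FRACTION SLASH
    "\u2215": "/",  # DIVISION SLASH
}
DELIMITERS = "/?#@:"


def extract_host(url):
    """Return the host part, splitting only on real ASCII delimiters."""
    rest = url.split("://", 1)[-1]
    for sep in "/?#":
        rest = rest.split(sep, 1)[0]
    rest = rest.rsplit("@", 1)[-1]        # drop userinfo
    return rest.split(":", 1)[0].lower()  # drop port (IPv6 literals not handled)


def decode_label(label):
    """Decode an ACE ("xn--") label to Unicode; leave it unchanged on error."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label
    return label


def find_delimiter_lookalikes(url):
    """List (code point, delimiter it resembles, Unicode name) for each hit."""
    host = ".".join(decode_label(l) for l in extract_host(url).split("."))
    hits = []
    for ch in host:
        if ord(ch) < 0x80:
            continue
        resembles = VISUAL_LOOKALIKES.get(ch)
        if resembles is None:
            # Compatibility forms such as fullwidth "?" fold to the ASCII delimiter.
            folded = unicodedata.normalize("NFKC", ch)
            resembles = next((d for d in DELIMITERS if d in folded), None)
        if resembles:
            hits.append((f"U+{ord(ch):04X}", resembles, unicodedata.name(ch, "?")))
    return hits


# Constructed sample: reads like a path on www.example.com, but the host ends in example.cn.
SAMPLE = "http://www.example.com\u2044account.example.cn/index.html"
```

Any hit means the text a user sees before the real first "/" is part of the host name, so the registrable domain should be taken from the right-hand end of the host.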
- Browser Engine and JavaScript Engine Memory Corruption Vulnerabilities
These vulnerabilities are caused by multiple errors in the browser engine and JavaScript engine in Mozilla Firefox, Thunderbird and SeaMonkey. A remote attacker could exploit these vulnerabilities via a specially crafted HTML page to trigger the memory corruption error. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code.
Workaround
Disable JavaScript until a version containing these fixes can be installed.
- 'jar:' Scheme Error Processing the 'Content-Disposition:' Header Vulnerability
This vulnerability is caused by an error when the "jar:" scheme is used to wrap a URI which serves content with "Content-Disposition: attachment" in Mozilla Firefox, Thunderbird and SeaMonkey. A remote attacker could exploit this vulnerability on sites that allow users to upload arbitrary content, which is served as "application/java-archive" or "application/x-jar", and that rely on the HTTP header "Content-Disposition: attachment" to prevent potentially untrusted content. Successful exploitation of this vulnerability could allow a remote attacker to subvert sites and conduct cross-site scripting attacks.
- Adobe Flash Contents processing Cross-Domain Restrictions security bypass Vulnerability
This vulnerability is caused by an error when loading an Adobe Flash file via the "view-source:" scheme in Mozilla Firefox, Thunderbird and SeaMonkey. A remote attacker could exploit this vulnerability by loading specially crafted Adobe Flash content via the 'view-source:' scheme to bypass cross-domain restrictions.
Successful exploitation of this vulnerability could allow a remote attacker to conduct cross-site request forgery attacks (CSRF) or read and write Local Shared Objects on a user's system for tracking purposes.
- Third-party stylesheets script injection Vulnerability
This vulnerability is caused by an error in the processing of XBL bindings when third-party stylesheets are embedded in websites in Mozilla Firefox, Thunderbird and SeaMonkey. A remote attacker could exploit this vulnerability to conduct script insertion attacks on sites that allow users to embed third-party stylesheets.
Note: Thunderbird may be affected if JavaScript is enabled.
- XMLHttpRequest and XPCNativeWrapper.toString Same-Origin Restrictions bypass Vulnerability
This vulnerability is caused due to same-origin policy validation errors in "XMLHttpRequest" and "XPCNativeWrapper.toString" in Mozilla Firefox, Thunderbird and SeaMonkey. A remote attacker could exploit this vulnerability via a specially crafted HTML that makes an XMLHttpRequest to trigger a mismatch between the document's URI and the document's principal.
Successful exploitation of this vulnerability could allow a remote attacker to bypass the same-origin policy and potentially execute code with chrome privileges or execute JavaScript in the context of another domain.
Note: Thunderbird may be affected if JavaScript is enabled in mail.
- 'MozSearch' Cross-Site Scripting Vulnerability
This vulnerability is caused by a weakness in the handling of "SearchForm" URIs in Mozilla Firefox. A remote attacker could exploit this vulnerability by tricking a user into installing a specially crafted MozSearch plugin that uses a 'javascript:' URI in the SearchForm value and then performing an empty search.
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code in the context of an arbitrary site.
- Frame Saving Sensitive Data disclosure Vulnerability
This vulnerability is caused by an error in the handling of POST data in Mozilla Firefox and SeaMonkey. A remote attacker could exploit this vulnerability to disclose potentially sensitive data when an inner frame of a web page is saved as a file, because POST data of the outer page is sent to the URL of the inner frame.
- Refresh Headers processing Cross-Site Scripting Vulnerability
This vulnerability is caused by an error when processing "Refresh" headers containing a "javascript:" URI in Mozilla Firefox and SeaMonkey. A remote attacker could exploit this vulnerability by injecting a Refresh header into a server response or by controlling the value that a site places in the Refresh header. Successful exploitation of this vulnerability could allow a remote attacker to conduct cross-site scripting attacks and execute arbitrary JavaScript code within the context of that site.
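For sites that place a user-influenced value in the Refresh header, as described in the last item above, the server can restrict the target before the header is sent. The sketch below is an added example, not code from CERT-MU or Mozilla; the function names and the allow-list policy (http, https, or a site-relative path) are assumptions.

```python
import re

ALLOWED_SCHEMES = {"http", "https"}
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
_REFRESH = re.compile(r"^\s*(\d+)\s*(?:[;,]\s*(?:url\s*=\s*)?(.*))?$", re.I | re.S)


def is_safe_target(target):
    """Accept http(s) URLs and site-relative paths; reject everything else."""
    # Whitespace and control characters are refused outright, so an obfuscated
    # scheme or an injected CR/LF cannot get past the scheme check below.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return False
    m = _SCHEME.match(target)
    if m:
        return m.group(1).lower() in ALLOWED_SCHEMES
    return target.startswith("/") and not target.startswith(("//", "/\\"))


def build_refresh(delay, target):
    """Build a Refresh header value, refusing targets outside the policy."""
    if not is_safe_target(target):
        raise ValueError("refusing Refresh target: %r" % target)
    return "%d; url=%s" % (int(delay), target)


def audit_refresh(value):
    """Check an existing Refresh header value (e.g. at a reverse proxy)."""
    m = _REFRESH.match(value)
    if not m:
        return False                      # malformed values are treated as unsafe
    target = (m.group(2) or "").strip().strip("'\"")
    return target == "" or is_safe_target(target)


# Constructed header values for illustration.
SAMPLES = [
    "5; URL=https://www.example.org/next",
    "0; url=javascript:void(0)",
]
```

The same check applies to any code path that copies a request parameter into a redirect, since the scheme allow-list is what keeps a "javascript:" URI out of the response.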
Affected systems
• Mozilla Firefox versions 2.x and prior
• Mozilla Firefox versions 3.x prior to 3.0.9
• Mozilla Thunderbird versions 2.x prior to 2.0.0.22
• Mozilla SeaMonkey versions 1.x prior to 1.1.17
Impact
Severity Rating: High
Solution
Update to Mozilla Firefox version 3.0.9 http://www.mozilla.org/projects/firefox/
Update to Mozilla SeaMonkey version 1.1.17 http://www.mozilla.org/projects/seamonkey/
Upgrade to Mozilla Thunderbird version 2.0.0.22 http://www.mozilla.com/thunderbird/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Vendor Information
Mozilla
http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
http://www.mozilla.org/security/announce/2009/mfsa2009-15.html
http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
http://www.mozilla.org/security/announce/2009/mfsa2009-19.html
http://www.mozilla.org/security/announce/2009/mfsa2009-20.html
http://www.mozilla.org/security/announce/2009/mfsa2009-21.html
http://www.mozilla.org/security/announce/2009/mfsa2009-22.html
CVE Name
CVE-2009-0652
CVE-2009-1302
CVE-2009-1303
CVE-2009-1304
CVE-2009-1305
CVE-2009-1306
CVE-2009-1307
CVE-2009-1308
CVE-2009-1309
CVE-2009-1310
CVE-2009-1311
CVE-2009-1312
References
Bugzilla
https://bugzilla.mozilla.org/buglist.cgi?bug_id=462517,454276,477775,483444,461053,467881,432114,428113,431260
https://bugzilla.mozilla.org/show_bug.cgi?id=453736
https://bugzilla.mozilla.org/buglist.cgi?bug_id=475971,461158
https://bugzilla.mozilla.org/show_bug.cgi?id=476049
https://bugzilla.mozilla.org/show_bug.cgi?id=479336
https://bugzilla.mozilla.org/show_bug.cgi?id=474536
https://bugzilla.mozilla.org/show_bug.cgi?id=481342
https://bugzilla.mozilla.org/show_bug.cgi?id=481558
https://bugzilla.mozilla.org/buglist.cgi?bug_id=482206,478433
https://bugzilla.mozilla.org/show_bug.cgi?id=483086
https://bugzilla.mozilla.org/show_bug.cgi?id=471962
https://bugzilla.mozilla.org/buglist.cgi?bug_id=475636
Secunia
http://secunia.com/advisories/34758/
http://secunia.com/advisories/34780/
http://secunia.com/advisories/34835/
http://secunia.com/advisories/34096
SecurityFocus
http://www.securityfocus.com/bid/34656
http://www.securityfocus.com/bid/33837
SecurityTracker
http://www.securitytracker.com/alerts/2009/Apr/1022098.html
http://www.securitytracker.com/alerts/2009/Apr/1022097.html
http://www.securitytracker.com/alerts/2009/Apr/1022096.html
http://www.securitytracker.com/alerts/2009/Apr/1022095.html
http://www.securitytracker.com/alerts/2009/Apr/1022094.html
http://www.securitytracker.com/alerts/2009/Apr/1022093.html
http://www.securitytracker.com/alerts/2009/Apr/1022090.html
http://www.securitytracker.com/alerts/2009/Apr/1022103.html
http://www.securitytracker.com/alerts/2009/Apr/1022102.html
VUPEN
http://www.vupen.com/english/advisories/2009/1125
http://www.vupen.com/english/advisories/2009/1124
http://www.vupen.com/english/advisories/2009/1123
XFORCE ISS
http://xforce.iss.net/xforce/xfdb/48974