Mozilla fixes nearly two dozen Firefox flaws
Written by Hans Straat: source http://searchwindowssecurity.techtarget.com, Wednesday, 19 April 2006

The Mozilla Foundation has fixed approximately 21 flaws in the Firefox Web browser that could be exploited to bypass security restrictions, tamper with sensitive data or conduct cross-site scripting and phishing attacks.

Danish vulnerability clearinghouse Secunia rated the flaws "highly critical" in an advisory Thursday. The firm described the flaws as:

  • An error where JavaScript can be injected into another Web page that is currently loading. Attackers could exploit this to execute arbitrary HTML and script code in a user's browser session.
  • A garbage collection error in the JavaScript engine that can be exploited to cause memory corruption.
  • A boundary error in the CSS border rendering implementation that could be exploited to write past the end of an array.
  • An integer overflow in the handling of overly long regular expressions in JavaScript, which attackers could exploit to execute arbitrary JavaScript byte code.
  • Two errors in the handling of "-moz-grid" and "-moz-grid-group" display styles that could be exploited to execute arbitrary code.
  • An error in the "InstallTrigger.install()" method that can be exploited to cause memory corruption.
  • An unspecified error that can be exploited to spoof the secure lock icon and the address bar by changing the location of a pop-up window in certain situations.
  • A condition where it's possible to trick users into downloading malicious files via the "Save image as..." menu option.
  • A condition where a JavaScript function created via an "eval()" call associated with a method of an XBL binding may be compiled with incorrect privileges. Attackers could exploit this to launch malicious code.
  • An error where the "Object.watch()" method exposes the internal "clone parent" function object, which can be exploited to execute arbitrary JavaScript code with escalated privileges.
  • An error in the protection of the compilation scope of built-in privileged XBL bindings that can be exploited to execute arbitrary JavaScript code with escalated privileges.
  • An unspecified error can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an arbitrary site via the window.controllers array.
  • An error in how a certain sequence of HTML tags is processed can be exploited to cause memory corruption.
  • An error in the "valueOf.call()" and "valueOf.apply()" methods can be exploited to execute arbitrary HTML and script code in a user's browser session.
  • Errors in the implementation of DHTML can be exploited to cause memory corruption.
  • An integer overflow error in the processing of the CSS letter-spacing property can be exploited to cause a heap-based buffer overflow.
  • An error in the way file-upload controls are handled can be exploited to upload arbitrary files from a user's system by dynamically changing a text input box to a file upload control.
  • An unspecified error in the "crypto.generateCRMFRequest()" method can be exploited to execute arbitrary code.
  • An error in how scripts in XBL controls are handled can be exploited to gain chrome privileges via the "Print Preview" functionality.
  • An error in a security check in the "js_ValueToFunctionObject()" method can be exploited to execute arbitrary code via "setTimeout()" and "ForEach."
  • An error in the interaction between XUL content windows and the history mechanism can be exploited to trick users into interacting with a browser user interface that is not visible.

Users who update to Firefox versions 1.0.8 or 1.5.0.2 will be protected.

This article originally appeared on SearchSecurity.com.
