Mozilla Products Remote Code Execution and Cross Site Scripting Vulnerabilities
Technical Description



Multiple vulnerabilitieshave been identified in Mozilla Firefox, SeaMonkey, and Thunderbird,which may be exploited by remote attackers to take complete control ofan affected system, bypass security restrictions, or disclose sensitiveinformation.



The first issue is due to buffer overflow errors when processingspecially crafted JavaScript regular expressions, which could beexploited by attackers to execute arbitrary commands.



The second issue is due to an error in the auto-update mechanism whenvalidating certificates, which could be exploited by attackers to trickusers into accepting unverifiable (often self-signed) certificates asvalid and redirect them to a malicious web site.



The third vulnerability is due to memory corruption errors during textdisplay, which could be exploited by attackers to crash a vulnerableapplication and potentially execute arbitrary commands.



The fourth issue is due to an error in the Network Security Services(NSS) library during RSA signature verification, which could beexploited by attackers to forge signatures. For additional information,see : FrSIRT/ADV-2006-3453



The fifth flaw is due to an origin validation error when handlingcontent injected from a web site into a sub-frame of another site using"targetWindow.frames[n].document.open()", which could be exploited bymalicious people to conduct cross-domain scripting attacks.



The sixth vulnerability is due to an error where blocked popups fromthe status bar (blocked popups) icon are always opened in the contextof the site listed in the Location (address) bar, which could beexploited by malicious people to conduct cross-site scripting attacks.



The seventh flaw is due to an error where JavaScript code included inremote XBL files is always executed even if JavaScript has beendisabled (by default), which could be exploited by attackers to bypasssecurity restrictions and gain knowledge of sensitive information.



The eighth vulnerability is due to memory corruption errors whenhandling malformed contents, which could be exploited by attackers tocrash a vulnerable application or execute arbitrary commands.



Affected Products



Mozilla Firefox versions prior to 1.5.0.7

Mozilla Thunderbird versions prior to 1.5.0.7

Mozilla SeaMonkey versions prior to 1.0.5

Mozilla Network Security Service (NSS) versions prior to 3.11.3



Solution



Upgrade to Firefox 1.5.0.7, Thunderbird 1.5.0.7, SeaMonkey 1.0.5, and Network Security Service (NSS) 3.11.3 :

http://www.mozilla.org/products/



더보기

댓글,