Slashdot Mirror


New Vulnerabilities Discovered in Firefox 1.0

jflint writes "Today, the security firm Secunia has released 8 more security vulnerabilities it has discovered in Mozilla products, including Firefox and Thunderbird. The exploits "could be used by criminals to spoof, or fake, various aspects of a Web site, ranging from its SSL secure site icon to the contents of an inactive tab.""

6 of 406 comments

  1. What the hell? by Anonymous Coward · · Score: 5, Informative

    Why is Slashdot linking to some guy's blog that no one has heard of rather than the actual Secunia advisories page? The blog entry doesn't even link there! I don't even see how this is a story since Firefox 1.0.1 has already been covered on Slashdot, and these vulnerabilities were announced then.

  2. Re:New Discovery? by Daniel+Boisvert · · Score: 5, Informative

    The update button showed up for me today. I clicked it and it ran me through the download and install of 1.0.1. The automatic update was intentionally delayed because of server capacity issues; apparently they've got them sorted out now.

  3. Re:New Discovery? by SuperficialRhyme · · Score: 5, Informative

    Secunia just put the list together. Copy/pasting the list and who found them from Secunia since someone didn't link to it in the article.

    1) The vulnerability is caused due to the temporary plugin directory being created insecurely. This can be exploited via symlink attacks to delete arbitrary directories with the privileges of the user running Mozilla or Firefox.

    2) The problem is that an inactive tab can launch an HTTP authentication prompt, which appears to be displayed by a website in another tab. This may be exploited to trick a user into entering some sensitive information (e.g. user credentials).

    This is similar to:
    SA12712

    3) An error in the handling of shortcut files (.lnk) can be exploited to overwrite arbitrary files by tricking a user into downloading a shortcut file twice.

    4) The problem is that a XML document can include XSLT stylesheets from arbitrary sites, which may be exploited to disclose some sensitive information.

    5) An error in the form fill feature (autocomplete) allows reading suggested values before they are chosen. This can be exploited to disclose some potentially sensitive input by tricking a user into arrowing through some autocompleted values.

    6) A memory handling error in Mozilla string classes may allow overwriting of memory if the browser runs out of memory during string growth. This can potentially be exploited to execute arbitrary code.

    7) The problem is that the hostname can be obfuscated in the installation confirmation dialog by including an overly long username and password. This can be exploited to trick users into accepting installations from untrusted sources.

    Successful exploitation requires that the malicious website is allowed to request installations.

    8) It is possible to cause a heap overflow due to an error when converting malformed UTF8 character sequences to Unicode. This may be exploited to cause a heap overflow and execute arbitrary code, however, general web content is not converted using the vulnerable code.

    9) Various errors make it possible to show the "secure site" lock icon with certificate information belonging to a different site.

    Provided and/or discovered by:
    1) Tavis Ormandy
    2) Christian Schmidt
    3) Masayuki Nakano
    4) Georgi Guninski
    5) Matt Brubeck
    6) Independently discovered by:
    * Daniel de Wildt
    * Gaël Delalleau
    7) Phil Ringnalda
    8) wind li
    9) Mook, Doug Turner, Kohei Yoshino, M. Deaudelin
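
    As an added illustration of item 8 above (example code, not from the original thread or from Mozilla's code base): a strict UTF-8 to UTF-16 converter that rejects malformed sequences and checks the destination capacity before every write, so a bad byte sequence produces an error instead of a heap overflow. The function name and the sample inputs are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Strict UTF-8 -> UTF-16 converter (added example; hypothetical function, not
 * Mozilla's code). Returns the number of UTF-16 code units written, or -1 if the
 * input is malformed or the destination would overflow. Every read is bounded by
 * in_len and every write by out_cap, so a truncated or overlong sequence fails
 * cleanly instead of running past the end of a heap buffer. */
long utf8_to_utf16_strict(const unsigned char *in, size_t in_len,
                          uint16_t *out, size_t out_cap)
{
    size_t i = 0, n = 0;
    while (i < in_len) {
        unsigned char b = in[i];
        uint32_t cp; size_t need;
        if (b < 0x80)                { cp = b;        need = 0; }
        else if ((b & 0xE0) == 0xC0) { cp = b & 0x1F; need = 1; }
        else if ((b & 0xF0) == 0xE0) { cp = b & 0x0F; need = 2; }
        else if ((b & 0xF8) == 0xF0) { cp = b & 0x07; need = 3; }
        else return -1;                        /* stray continuation or 0xF8..0xFF */
        if (in_len - i < need + 1) return -1;  /* truncated sequence: never read past input */
        for (size_t k = 1; k <= need; k++) {
            unsigned char c = in[i + k];
            if ((c & 0xC0) != 0x80) return -1; /* not a continuation byte */
            cp = (cp << 6) | (c & 0x3F);
        }
        /* reject overlong encodings, UTF-16 surrogates and code points above U+10FFFF */
        if ((need == 1 && cp < 0x80) || (need == 2 && cp < 0x800) ||
            (need == 3 && cp < 0x10000) || cp > 0x10FFFF ||
            (cp >= 0xD800 && cp <= 0xDFFF)) return -1;
        size_t units = cp >= 0x10000 ? 2 : 1;
        if (out_cap - n < units) return -1;    /* destination full: refuse to write */
        if (units == 1) {
            out[n++] = (uint16_t)cp;
        } else {                               /* supplementary plane: surrogate pair */
            cp -= 0x10000;
            out[n++] = (uint16_t)(0xD800 | (cp >> 10));
            out[n++] = (uint16_t)(0xDC00 | (cp & 0x3FF));
        }
        i += need + 1;
    }
    return (long)n;
}
```

    Calling it with a constructed input such as the bytes 0xE2 0x82 (a 3-byte sequence cut short) returns -1 rather than reading or writing out of bounds.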

  4. Re:New Discovery? by aneroid · · Score: 5, Informative

    2) The problem is that an inactive tab can launch an HTTP authentication prompt, which appears to be displayed by a website in another tab. This may be exploited to trick a user into entering some sensitive information (e.g. user credentials).

    I always wanted that modal dialog to be made non- and only appear for that tab (when it's in focus).

    I doubt this would've prevented the bug, but the page it was appearing for would be obvious. A possible hack to that could be... have a JavaScript window which is already open make the connection. In that case, even if the JS window is shown, with the browser most likely behind it, it wouldn't be obvious. Could fix that too :P by outlining the window/tab that calls it. Of course, even that could...

  5. Re:New Discovery? by taylortbb · · Score: 5, Informative

    They started rolling it out for Windows only but they had to cancel it. Linux and Mac users were getting the Windows-only code and that was causing problems, so it was disabled. It is now back for Windows users.

    http://weblogs.mozillazine.org/asa/

  6. Re:First by felipin-sioux · · Score: 5, Informative

    If you have Firefox 1.01 installed you have nothing to worry about.

    No, there are security advisories for Firefox 1.01, like this one.

    And the story didn't even link the vulnerability report on Mozilla Firefox 1.x from Secunia. Anyway, just stay tuned and have your FF always updated.

    --
    Sorry, this sig is beneath your current threshold