Slashdot Mirror


Mozilla / Firefox Memory Exposure Vulnerability

JimmyM writes "Secunia has a story regarding a new severe vulnerability in the Mozilla Suite and Firefox browser, which can be exploited by any web site to read all memory, which the browser process has access to. No patch is available from Mozilla. A demonstration is available here."

10 of 132 comments

  1. Re:Did the Mozilla/Firefox guys ignore a warning? by rogabean · Score: 2, Interesting

    Excellent question.

    Just tested out the "proof test" myself. Amazing some of the stuff I still had in memory here ;)

    Followed by the browser shutting itself down after about 20 furious clicks on the link! :P

    --
    "why don't you just slip into something more comfortable...like a coma!"
  2. Confusing write-up by Smack · Score: 3, Interesting

    Can a remote site actually get access to this information, or is it only displayable on the screen?

    1. Re:Confusing write-up by Kelerain · Score: 2, Interesting

      If they can display it in a form like that, they could submit that information in a hidden form window on a site where you typically expect to submit info (a login page for example). Javascript can talk to a website back end as well I think.

      Also from the article:
      "A vulnerability has been discovered in various Mozilla products, which can be exploited by malicious people to gain knowledge of potentially sensitive information."

      So yeah, this is a bit more dangerous than the old load the root folder in an iframe trick.

    2. Re:Confusing write-up by Sentry21 · Score: 3, Interesting

      Javascript could access this, then send that information to a form via a GET request (URLencoded) to a script via a 1x1 pixel iframe hidden on the page, or even a display: hidden; iframe for that matter.

      I don't think this is necessarily a huge problem - it's a critical bug, but until we see some major code execution or phishing, it probably won't be as big of a deal as it could be.

      The question is, can they find out how big of a memory chunk they can read before they start reading? If so, they could grab god knows how many megs and start uploading it somewhere (somehow - that's too big for a GET query) and just dump it, but if they read too much and try to read what Firefox can't access, it should (emphasis 'should') get killed by Windows instead of failing silently.
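The comments above describe the leaked memory leaving the browser as URL-encoded GET query strings to a collecting script. From the server or proxy side, that traffic pattern is what a defender can watch for. The following is an added example (not code from the Slashdot thread, Secunia, or Mozilla) that parses constructed Apache-style access-log lines and flags two things: a single request whose query string is abnormally long, and a client that accumulates an unusual volume of query bytes against one path across many small requests. The hostnames, paths (`/collect.php`, `/c.gif`) and client addresses are invented sample data; the thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache common/combined log prefix: client, ident, user, timestamp,
# request line, status, response size. The trailing referer/agent are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def _line(ip, ts, target):
    # Build one constructed log line in the format above (sample data, not real traffic).
    return f'{ip} - - [{ts}] "GET {target} HTTP/1.1" 200 0 "-" "Mozilla/5.0"'


def _blob(nbytes):
    # Percent-encoded pseudo-binary payload of nbytes bytes (3 characters per byte); constructed.
    return "".join(f"%{i % 256:02X}" for i in range(nbytes))


# Constructed sample log: two ordinary requests, one request with a very large
# query string, and ten small requests from another client that add up.
SAMPLE_LOG = [
    _line("203.0.113.5", "02/Apr/2005:10:12:01 -0700", "/index.html"),
    _line("203.0.113.5", "02/Apr/2005:10:12:03 -0700", "/login?user=alice&next=%2Fhome"),
    _line("203.0.113.5", "02/Apr/2005:10:12:04 -0700", "/collect.php?d=" + _blob(700)),
] + [
    _line("198.51.100.7", f"02/Apr/2005:10:13:{s:02d} -0700", "/c.gif?p=" + _blob(100))
    for s in range(10)
]


def parse_line(line):
    """Parse one access-log line into a dict with path and query split out; None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"], rec["query"] = parts.path, parts.query
    return rec


def flag_oversized_queries(lines, max_query_len=1024):
    """Return (ip, path, query_len) for every request whose query string exceeds max_query_len."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and len(rec["query"]) > max_query_len:
            hits.append((rec["ip"], rec["path"], len(rec["query"])))
    return hits


def flag_chunked_uploads(lines, max_total_bytes=2048):
    """Sum query-string bytes per (client, path) and return the pairs whose total exceeds max_total_bytes."""
    totals = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec:
            totals[(rec["ip"], rec["path"])] += len(rec["query"])
    return {key: total for key, total in totals.items() if total > max_total_bytes}


if __name__ == "__main__":
    for ip, path, n in flag_oversized_queries(SAMPLE_LOG):
        print(f"oversized query: {ip} {path} ({n} bytes)")
    for (ip, path), total in flag_chunked_uploads(SAMPLE_LOG).items():
        print(f"high query volume: {ip} {path} ({total} bytes total)")
```

The per-request check catches the naive case the comment mentions; the per-client aggregate exists because a single GET cannot carry much, so the interesting signal is usually many small requests to one path from one client, which the first check alone would never see.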

  3. I'm shocked! by samael · Score: 5, Interesting

    I seem to recall that every time an IE bug appeared people would say that Mozilla was much more secure, and that it wasn't just that IE was targeted by hackers because of the popularity, but that the software was inherently more secure.

    But now it seems there are patches for Mozilla every few weeks for _exactly_ the same kind of problems that IE used to get slated for.

    Is Mozilla actually more secure? Or is it just as bad as any other piece of software?

    1. Re:I'm shocked! by Ogerman · Score: 4, Interesting

      Is Mozilla actually more secure? Or is it just as bad as any other piece of software?

      In terms of design decisions, you might easily say that Mozilla is more secure than IE. (not being integrated with OS and all..) In terms of coding bugs, Mozilla is no different than any other super complex piece of software. But there's another way to look at it. Because the Mozilla code is open, we might expect an ugly rash of bugs to be found near the beginning of its rise to popularity. But we might also expect this to rapidly taper off as all the major bugs are found and squashed. So you might say that now is a relatively dangerous time to use Mozilla (instead of say.. Konqueror or Safari). But, on the other hand, it's still not quite popular enough to attract the volume of real-world attacks that IE has received. Honestly, if you're some jerk running a malicious website, are you going to target this quirky bug in Mozilla or the myriad of IE exploits that are sure to pay off?

      What does bother me is that the Mozilla folks haven't taken automated updates seriously enough. I cringe to think of how many Firefox early adopters have no clue what that little red arrow at the top of their screen is. Or if they do, how many dial-up users will be patient enough to wait for the update to download.. which isn't really an update at all but a full copy of the latest version.

  4. It looks like it requires Javascript by wowbagger · Score: 2, Interesting

    It looks like, in order to make use of this flaw, the attacker must get the victim to run Javascript.

    Once again demonstrating the danger in the current mindset of "I will use Javascript to do everything, even things that can be done with plain HTML like opening a new window".

    I have my Mozilla configured to ask me if I want it to fetch Javascript from remote sites (alas, you cannot protect yourself from Javascript embedded in the HTML of the site you are visiting), to ask me if I want to run any requested plugins, and to ask me before allowing any cookies to be set on my browser.

    If you can, try this yourself - you will be AMAZED at the number of sites that insist upon setting a cookie on you the first thing when you visit them, or that insist upon trying to load Javascript, or Flash plugins.

    Cookies are fine for sites which require log-in (e.g. /.). Javascript is fine for sites that need to do some client side processing (e.g. order entry sites which use JS to compute the order amounts to avoid a round-trip to the server). Flash is fine for some applications.

    But please don't overuse them.

  5. Re:Did the Mozilla/Firefox guys ignore a warning? by klui · Score: 4, Interesting

    Comments seem to indicate that it's a very old bug...

    ------- Additional Comment #6 From Brendan Eich 2005-04-01 17:49 PDT -------

    BTW, this bug is like 8+ years old. Roger Lawrence fixed half of it in 2000:

    r=norris,waldemar
    Fixes for bugs#23607, 23608, 23610, 23612, 23613. Also, first cut at URI
    encode & decode routines.

    Unfortunately, AFAICT none of the bugs he cites had anything to do with the two
    hunks of that revision:

    @@ -1061,16 +1080,22 @@ find_replen(JSContext *cx, ReplaceData *
    @@ -1138,16 +1163,17 @@ find_replen(JSContext *cx, ReplaceData *

    that half-fixed the original 1997-era bug. /be

  6. IE & Opera Unaffected by TFGeditor · Score: 4, Interesting

    Just for grins, I tried it with IE and Opera. Just threw up a bunch of XXXXX in the text box.

    Clearly a Mozilla-specific problem.

    --
    Ignorance is curable, stupid is forever.
  7. Re:CRASH? by srstoneb · Score: 2, Interesting

    The first time I tried it, it didn't merely crash Firefox. When I clicked the "test now" link my entire system immediately died, and began rebooting. After reboot, the test now works (and confirms my vulnerability).

    Windows 98 SE, Firefox 1.0.2.