| |||
|
|
||
|
|||
| |
|
Home > Security News > Mozilla issues Firefox mega-fix |
| |
|
|
|
|
| Security News: |
|
||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Updated Feb. 3 with information from Symantec on a flaw not fixed in the latest Firefox update. Mozilla Corp. has fixed an array of security glitches in the popular Firefox browser late Wednesday. Malicious attackers could exploit the flaws to bypass security restrictions, compromise sensitive data and launch cross-site scripting attacks. Four flaws affect Firefox version 1.5 specifically, while other problems affect various versions of Firefox, and possibly the Mozilla Thunderbird open source e-mail application under certain circumstances. The flaws and fixes were outlined in seven separate advisories: The first problem is that "garbage collection hazards" were found in the JavaScript engine where "some routines used temporary variables that were not properly protected," Mozilla said. "Specially crafted objects could contain a user-defined method that would be called during the lifetime of these temporaries. If this method triggered garbage collection, the engine would operate on the unexpectedly freed temporary object when it returned from the user-defined routine." The risk appears remote, Mozilla said, but "this type of memory corruption could potentially be used by an attacker to run arbitrary code." The second problem is a dynamic style handling glitch that could be exploited to reference freed memory by changing the style of an element from "position:relative" to "position:static." Attackers could exploit this to run arbitrary code, Mozilla said. The third problem is that calling the "QueryInterface" method of the built-in location and navigator objects can cause memory corruption, allowing an attacker to launch malicious code.
The fifth problem is that attackers could exploit some integer overflows in the E4X, SVG, and Canvas features to launch code. The sixth problem is that an upgrade in the XML parser introduced a bug that could read beyond the end of the buffer, often causing a crash. "We don't know if this could be exploited to incorporate private data into the DOM of an XML document," Mozilla said, "but it could be a privacy risk if so." The seventh problem is that the implementation of E4X introduced an internal "AnyName" object that was unintentionally exposed to Web content. "This singleton object could be used by two cooperating domains as a communication channel to get around same-origin restrictions that prevent direct access from one window or frame to another," Mozilla said. The advisories come two days after Cupertino, Calif.-based Symantec Corp. e-mailed customers of its DeepSight Threat Management System an alert regarding a flaw in Firefox. The AV giant warned that the open source broswer is vulnerable to a flaw that could allow a Web page to "execute malicious script code in the context of an arbitrary domain." This could lead to a variety of attacks, "including theft of cookie-based authentication credentials," Symantec said. "The issue affects the '-moz-binding' property that is used to attach extensible binding language (XBL) to elements through cascading style sheets (CSS)," Symantec said. "Due to an origin validation error, arbitrary script code included with XBL may be executed in the context of another domain. The cause of this issue is that the browser's same origin policy is not enforced on this property." This could allow a malicious site to access the properties of a trusted site and facilitate various attacks, including disclosure of sensitive information, Symantec said. A Symantec spokesman said Wednesday that this particular flaw was not fixed in the latest Firefox update.
|
|
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||
|
|||||||||||||||||||||||||||
| |||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
