Mozilla fixes nearly two dozen Firefox flaws |
 |
By Bill Brenner, Senior News Writer
14 Apr 2006 | SearchSecurity.com |
|
|
The Mozilla Foundation has fixed approximately 21 flaws in the Firefox Web browser that could be exploited to bypass security restrictions, tamper with sensitive data or conduct cross-site scripting and phishing attacks.
Danish vulnerability clearinghouse Secunia rated the flaws "highly critical" in an advisory Thursday. The firm described the flaws as:
An error where JavaScript can be injected into another Web page that is currently loading. Attackers could exploit this to execute arbitrary HTML and script code in a user's browser session.
A garbage collection error in the JavaScript engine that can be exploited to cause memory corruption.
A boundary error in the CSS border rendering implementation that could be exploited to write past the end of an array.
An integer overflow in the handling of overly long regular expressions in JavaScript, which attackers could exploit to execute arbitrary JavaScript byte code.
Two errors in the handling of "-moz-grid" and "-moz-grid-group" display styles that could be exploited to execute arbitrary code.
An error in the "InstallTrigger.install()" method that be exploited to cause memory corruption.
An unspecified error that can be exploited to spoof the secure lock icon and the address bar by changing the location of a pop-up window in certain situations.
A condition where it's possible to trick users into downloading malicious files via the "Save image as..." menu option.
A condition where a JavaScript function created via an "eval()" call associated with a method of an XBL binding may be compiled with incorrect privileges. Attackers could exploit this to launch malicious code.
An error where the "Object.watch()" method exposes the internal "clone parent" function object, which can be exploited to execute arbitrary JavaScript code with escalated privileges.
An error in the protection of the compilation scope of built-in privileged XBL bindings that can be exploited to execute arbitrary JavaScript code with escalated privileges.
An unspecified error can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site via the window.controllers array.
An error in how a certain sequence of HTML tags are processed can be exploited to cause memory corruption.
An error in the "valueOf.call()" and "valueOf.apply()" methods can be exploited to execute arbitrary HTML and script code in a user's browser session.
Errors in the implementation of DHTML can be exploited to cause memory corruption.
An integer overflow error in the processing of the CSS letter-spacing property can be exploited to cause a heap-based buffer overflow.
An error in the way file-upload controls are handled can be exploited to upload arbitrary files from a user's system by dynamically changing a text input box to a file upload control.
An unspecified error in the "crypto.generateCRMFRequest()" method can be exploited to execute arbitrary code.
An error in how scripts in XBL controls are handled can be exploited to gain chrome privileges via the "Print Preview" functionality.
An error in a security check in the "js_ValueToFunctionObject()" method can be exploited to execute arbitrary code via "setTimeout()" and "ForEach."
An error in the interaction between XUL content windows and the history mechanism can be exploited to trick users into interacting with a browser user interface, which is not visible.
Users who update to Firefox versions 1.0.8 or 1.5.0.2 will be protected.
|
|
|
|
