DOM property issue among several spurring Firefox update |
 |
By Bill Brenner, Senior News Writer
26 Feb 2007 | SearchSecurity.com |
|
|
Mozilla has released a security update that fixes a variety of Firefox flaws digital miscreants could exploit to circumvent security restrictions, conduct cross-site scripting attacks and access sensitive information.
The company released eight advisories over the weekend, all of which were rated highly critical by Danish vulnerability clearinghouse Secunia. The French Security Incident Response Team (FrSIRT) rated the flaws critical.
The problems, as described by Secunia, are:
An error in how the browser handles the "locations.hostname" DOM property, which attackers could exploit to bypass certain security restrictions.
An integer underflow error in the Network Security Services (NSS) code attackers could exploit to cause a heap-based buffer overflow using a certificate with a public key too small to encrypt the "Master Secret."
A flaw that makes it possible to launch cross-site scripting attacks against sites containing a frame with a "data:" URI as source. Successful exploitation requires that a user is tricked into visiting a malicious Web site and opening a blocked popup.
A flaw that makes it possible to open windows containing local files, thereby stealing the contents when the full path of a locally saved file containing malicious script code is known. This can be exploited in combination with a flaw in the seeding of the pseudo-random number generator causing downloaded files to be saved to temporary files with a somewhat predictable name.
Browser UI elements like the host name and security indicators can be spoofed using a specially crafted custom cursor and manipulating the CSS3 hotspot property.
It may be possible to access sensitive information from a Web site by exploiting an error that causes two Web pages to collide in the disk cache, thereby potentially appending part of one document to the other.
Various errors in the Mozilla parser when handling invalid trailing characters in HTML tag attribute names and during processing of UTF-7 content when child frames inherit the character set of its parent window can be exploited to conduct cross-site scripting attacks.
A vulnerability in the Password Manager that could be exploited to conduct phishing attacks.
Multiple memory corruption errors exist in the layout engine, JavaScript engine, and in SVG. Some of these may be exploited to execute arbitrary code on a user's system.
An error within the handling of the onUnload event handler and self-modifying document.write() calls can be exploited to corrupt memory and potentially execute arbitrary code.
To correct the flaws, Mozilla will prompt Firefox users to click a box that upgrades the browser to versions 2.0.0.2 or 1.5.0.10.
|
|
|
|
