-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Multiple Vulnerabilities in Mozilla Firefox
http://www.cert-in.org.in/advisory/ciad-2009-43.htm
Original Issue Date: September 14, 2009
Severity Rating:High
System Affected
Mozilla Firefox versions prior to 3.5.3
Mozilla Firefox versions prior to 3.0.14
Overview
Multiple vulnerabilities have been reported in Mozilla Firefox, which could
allow a remote attacker to bypass certain security restrictions, disclose
potentially sensitive information, cause a denial of service conditions,
conduct spoofing attacks, execute an arbitrary code, or potentially
compromise an affected system.
Description
1. Multiple Memory corruption vulnerabilities in the java_script engine
and Browser engine
(CVE-2009-3069 , CVE-2009-3070 , CVE-2009-3071 ,
CVE-2009-3072 , CVE-2009-3073 , CVE-2009-3074 ,
CVE-2009-3075)
Multiple memory corruption vulnerabilities have been reported in Mozilla
Firefox due to improper handling of malformed data injava_script and
Browser engines. A remote attacker could exploit these vulnerabilities via
a specially crafted HTML file to trigger memory corruption error.
Successful exploitation of these vulnerabilities could allow a remote
attacker to cause denial of service condition or execute an arbitrary code.
Workarounds
Disablejava_script until a version containing these fixes can be installed.
2. Insufficient warning for PKCS11 module installation and removal
vulnerability (CVE-2009-3076)
This vulnerability is caused due to insufficient warning information
displayed in the dialog when adding or removing security modules via
pkcs11.addmodule or pkcs11.deletemodule in Mozilla Firefox. A remote
attacker could exploit this vulnerability by tricking a user to install a
malicious PKCS11 module and affect the cryptographic integrity of a
vulnerable browser.
Note : Firefox 3.5 releases are not affected by this issue.
3. TreeColumns Dangling Pointer Vulnerability (CVE-2009-3077)
This vulnerability is caused due to an error when processing operations
performed on the columns of a XUL tree element in Mozilla Firefox. A remote
attacker could exploit this vulnerability via a pointer owned by a column
of the XUL tree element to dereference the freed memory. Successful
exploitation of this vulnerability could allow a remote attacker to execute
an arbitrary code.
4. Location bar spoofing Vulnerability (CVE-2009-3078)
This vulnerability is caused due to an error when displaying certain
Unicode characters with a tall line-height in the location bar using the
default Windows font in Mozilla Firefox. A remote attacker could exploit
this vulnerability via Unicode characters having a tall line-height to
spoof the URL of a trusted site and also aid in other attacks .
5. Chrome privilege escalation with FeedWriter Vulnerability
(CVE-2009-3079)
This vulnerability is caused due to an error in the implementation of the
"BrowserFeedWriter" object in Mozilla Firefox. A remote attacker could
exploit this vulnerability via a specially craftedjava_script to execute an
arbitraryjava_script code with chrome privileges.
Workaround
Disablejava_script until a version containing this fix can be installed
Solution
Upgrade to Mozilla Firefox version 3.5.3 or 3.0.14
http://www.mozilla.com/firefox/
Vendor Information
Mozilla
http://www.mozilla.com/en-US/
References
Mozilla
http://www.mozilla.org/security/announce/2009/mfsa2009-47.html
http://www.mozilla.org/security/announce/2009/mfsa2009-48.html
http://www.mozilla.org/security/announce/2009/mfsa2009-49.html
http://www.mozilla.org/security/announce/2009/mfsa2009-50.html
http://www.mozilla.org/security/announce/2009/mfsa2009-51.html
Bugzilla
https://bugzilla.mozilla.org/show_bug.cgi?id=453827
https://bugzilla.mozilla.org/show_bug.cgi?id=454363
https://bugzilla.mozilla.org/show_bug.cgi?id=506838
https://bugzilla.mozilla.org/buglist.cgi?bug_id=430569,437565,465651
https://bugzilla.mozilla.org/buglist.cgi?bug_id=493649,495444,490196,502017
https://bugzilla.mozilla.org/buglist.cgi?bug_id=501900,508074,494283
https://bugzilla.mozilla.org/show_bug.cgi?id=507292
https://bugzilla.mozilla.org/show_bug.cgi?id=467493
https://bugzilla.mozilla.org/buglist.cgi?bug_id=505305,441714
https://bugzilla.mozilla.org/buglist.cgi?bug_id=326628,509413
https://bugzilla.mozilla.org/show_bug.cgi?id=506871
ZDI
http://www.zerodayinitiative.com/advisories/ZDI-09-065/
Secunia
http://secunia.com/advisories/36671/
SecurityFocus
http://www.securityfocus.com/bid/36343/info
SecurityTracker
http://securitytracker.com/alerts/2009/Sep/1022876.html
http://securitytracker.com/alerts/2009/Sep/1022877.html
http://securitytracker.com/alerts/2009/Sep/1022873.html
http://securitytracker.com/alerts/2009/Sep/1022875.html
http://securitytracker.com/alerts/2009/Sep/1022874.html
VUPEN
http://www.vupen.com/english/advisories/2009/2585
Juniper
http://www.juniper.net/security/auto/vulnerabilities/vuln36343.html
CVE Name
CVE-2009-3069
CVE-2009-3070
CVE-2009-3071
CVE-2009-3072
CVE-2009-3073
CVE-2009-3074
CVE-2009-3075
CVE-2009-3076
CVE-2009-3077
CVE-2009-3078
CVE-2009-3079
CWE Name
CWE-119
CWE-265
CWE-357
CWE-451
CWE-465
Disclaimer
The information provided herein is on "as is" basis, without warranty of
any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
Note: Please do not reply to this e-mail. For further queries contact
CERT-In Information Desk. Email: info@cert-in.org.in
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8
wsBVAwUBSq41rHWXeYNsoT30AQr3Iwf/bM5dW0e/xQqwf6ijz4t+/2v1mX3m8Jxc
74mBXYV12LIxYnc31EX/ITideKnXu9ilTiYGDO2TEQL2t8+tt6FO/LUY/1dMUMK4
wbx5EK4dWHbkS+0oN2KwkBJ3rrNrnOGa7GWQS/ObFns1PPEWDAldeTmnqKTgy0Lc
IXZOawiydLfmZquG4lna3TBsJKcdlOGJt5s66i8r7BNWwb5mjrmvU4uRYfeIEN1X
OTD1CAJ+IHCcgydQO7xQeWgKBBsXkZ99CeLygmUEDyxbxnYI+oWUtdprrAMD3h5F
KTvu3muL5SptEEdBatb6oRzxi4dSmSLVOt755bnWdX1TQ9iul3A5YQ==
=ryom
-----END PGP SIGNATURE-----
For More Security Related Stuff visit http://wiki.secureit.in.A Wiki Website dedicated to Information Security.
No comments:
Post a Comment