LinuxQuestions.org
Old 06-17-2008, 10:09 AM   #91
unSpawn
Moderator
 
Registered: May 2001
Posts: 20,993
Blog Entries: 44

Rep: Reputation: 1239
Thanks!


Great job you've been doing the past years. Thanks.

Last edited by unSpawn; 06-17-2008 at 10:12 AM.
 
Old 06-17-2008, 01:44 PM   #92
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,847

Original Poster
Rep: Reputation: 348
Thanks for all the thanks guys! You are all very welcome!

On that note, I point you toward a Mozilla bug report filled out by Giorgio Maone (the author of the NoScript extension) a few days ago. I wasn't sure how real the security implications of this bug were, so I waited a couple of days to see how the discussion went before posting here. Giorgio has now provided an illustration of his security concerns regarding this bug, and I feel a heads-up on this thread is warranted now. BTW, he's built a workaround into later versions of NoScript.

Last edited by win32sux; 06-17-2008 at 02:04 PM.
 
Old 06-18-2008, 12:13 PM   #93
shawnbishop
Member
 
Registered: Dec 2005
Location: South Africa
Distribution: CentOS,Ubuntu,Fedora
Posts: 249

Rep: Reputation: 30
Download Firefox 3 today!!!, it's available
 
Old 06-18-2008, 12:58 PM   #94
Cuetzpallin
Member
 
Registered: Feb 2008
Location: Monterrey, MX
Distribution: Slackware since 3.4 and love it!!!
Posts: 162

Rep: Reputation: 31
Quote:
Originally Posted by shawnbishop
Download Firefox 3 today!!!, it's available
Since yesterday on all my boxes
 
Old 06-19-2008, 01:17 PM   #95
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,847

Original Poster
Rep: Reputation: 348
Mozilla Firefox Unspecified Code Execution Vulnerability

Quote:
Description:
A vulnerability has been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code e.g. when a user visits a specially crafted web page.

The vulnerability is reported in versions 3.0 and 2.0.x. Other versions may also be affected.

Solution:
Do not follow untrusted links nor browse untrusted web sites.
Secunia Advisory
 
Old 06-19-2008, 09:36 PM   #96
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,847

Original Poster
Rep: Reputation: 348
FYI, it's starting to sound like the above vulnerability might just be the tip of the iceberg.
 
Old 06-23-2008, 03:43 PM   #97
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,847

Original Poster
Rep: Reputation: 348
Ran into this interesting extension vulnerability claim (with proof-of-concept) on BugTraq.

Last edited by win32sux; 06-23-2008 at 03:53 PM.
 
Old 07-02-2008, 05:28 PM   #98
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,847

Original Poster
Rep: Reputation: 348
Mozilla Firefox Multiple Vulnerabilities

Quote:
Description:
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.

1) Multiple errors in the layout and JavaScript engines can be exploited to corrupt memory.

2) An error in the handling of unprivileged XUL documents can be exploited to load Chrome scripts from a "fastload" file via "<script>" elements.

3) An error in the "mozIJSSubScriptLoader.LoadScript()" function can be exploited to bypass XPCNativeWrappers and run arbitrary code with Chrome privileges.

Successful exploitation requires that an add-on using the affected function is installed.

4) An error in the block reflow process can be exploited to cause a crash or potentially execute arbitrary code.

5) An error in the processing of file URLs contained within local directory listings can potentially be exploited to execute malicious JavaScript content.

6) Multiple errors in the implementation of the JavaScript same origin policy can be exploited to execute arbitrary script code in the context of a different domain.

7) Multiple errors in the verification of signed JAR files can be exploited to execute arbitrary JavaScript code with the privileges of the JAR's signer.

8) An error in the implementation of file upload forms can be exploited to upload arbitrary local files to a remote webserver via specially crafted "DOM Range" and "originalTarget" elements.

9) An error in the Java LiveConnect implementation on Mac OS X can be exploited to establish arbitrary socket connections.

10) An uninitialized memory access in the processing of improperly encoded ".properties" files can potentially be exploited to disclose sensitive memory via an add-on using the malformed file.

11) An error in the processing of "Alt Names" provided by "peer" trusted certificates can be exploited to conduct spoofing attacks.

12) An error in the processing of Windows URL shortcuts can be exploited to run a remote site as a local file.

Successful exploitation requires that the user is tricked into downloading and then opening a malicious Windows URL shortcut.

The vulnerabilities are reported in versions prior to 2.0.0.15.

[...]

Solution:
Update to version 2.0.0.15.
http://www.mozilla.com/en-US/firefox/all-older.html
Secunia Advisory
 
Old 07-05-2008, 09:16 AM   #99
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,847

Original Poster
Rep: Reputation: 348
Mozilla Firefox Malformed JPEG File Denial of Service Vulnerability

I can't seem to get the proof-of-concept to download, so I haven't been able to confirm this.
Quote:
Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

This issue affects Mozilla FireFox 3 running on Ubuntu Linux 8.04; other versions running on different platforms may also be affected.
Bugtraq ID: 29984

Last edited by win32sux; 07-05-2008 at 09:34 AM.
 
Old 07-08-2008, 06:22 AM   #100
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,847

Original Poster
Rep: Reputation: 348
Mozilla Security Metrics Project

Quote:
Mozilla has been working with security researcher and analyst Rich Mogull for a few months now on a project to develop a metrics model to measure the relative security of Firefox over time. We are trying to develop a model that goes beyond simple bug counts and more accurately reflects both the effectiveness of secure development efforts, and the relative risk to users over time. Our goal in this first phase of the project is to build a baseline model we can evolve over time as we learn what works, and what does not. We do not think any model can define an absolute level of security, so we decided to take the approach of tracking metrics over time so we can track relative improvements (or declines), and identify any problem spots. This information will support the development of Mozilla projects including future versions of Firefox.
Complete Article
 
Old 07-16-2008, 02:39 PM   #101
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,847

Original Poster
Rep: Reputation: 348
Mozilla Firefox 3 URI Launching and XUL Error Page Vulnerabilities

Quote:
Description:
Some vulnerabilities have been reported in Firefox 3, which can be exploited by malicious people to bypass certain security restrictions, potentially conduct spoofing attacks, or compromise a user's system.

1) A vulnerability can be exploited to launch e.g. "file" or "chrome:" URIs in Firefox.

[...]

2) Input passed to XUL based error pages is not properly sanitised before being returned to a user and can be exploited to e.g. conduct spoofing attacks.

In combination with vulnerability #1 this can be exploited to inject arbitrary script code and execute arbitrary code in "chrome" context, but requires that a specially crafted URI is passed to Firefox and that Firefox is not running.

The vulnerabilities are reported in versions prior to 3.0.1.

[...]

Solution:
Update to version 3.0.1.
http://www.mozilla.com/en-US/firefox/
Secunia Advisory

A similar issue seems to affect Firefox 2.


EDIT: List of vulnerabilities fixed is also available directly from Mozilla for 3.0.1 and 2.0.0.16.

Last edited by win32sux; 07-17-2008 at 02:00 PM.
 
Old 08-07-2008, 05:47 PM   #102
DeepSeaNautilus
Member
 
Registered: Jul 2008
Posts: 65

Rep: Reputation: 15
How safe is firefox 3.0?

Hello I would like to know how many of the vulnerabilities you mentioned before about firefox are present in firefox 3.0 so I'll know what to fix. Thanks
 
Old 08-07-2008, 06:28 PM   #103
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,847

Original Poster
Rep: Reputation: 348
Quote:
Originally Posted by DeepSeaNautilus
Hello I would like to know how many of the vulnerabilities you mentioned before about firefox are present in firefox 3.0 so I'll know what to fix. Thanks
You can get a decent idea of which Mozilla Firefox 3.x known vulnerabilities are unpatched here.
 
Old 08-07-2008, 06:30 PM   #104
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,847

Original Poster
Rep: Reputation: 348
Mozilla ups ante on security

Quote:
LAS VEGAS -- Open-source software maker Mozilla announced this week that the company will require developers to undergo training in secure programming and allow the security community to review its assessments of threats to the Firefox browser.
Full Story
 
Old 09-24-2008, 05:27 AM   #105
win32sux
Moderator
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,847

Original Poster
Rep: Reputation: 348
Firefox 3.0.2 is out. It fixes some security issues.

The relevant Secunia advisory is here.

Last edited by win32sux; 09-24-2008 at 05:28 AM.
 
  



All times are GMT -5. The time now is 12:44 PM.
