Mozilla Firefox "locations.hostname" DOM Property Handling Vulnerability
MODERATELY CRITICAL
Quote:
Description:
Michal Zalewski has reported a vulnerability in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an error in the handling of the "locations.hostname" DOM property. This can be exploited to e.g. manipulate authentication cookies for an arbitrary web site via assigning a URL including a NULL character ("\x00") to "locations.hostname".
Successful exploitation requires that the user is e.g. tricked into visiting a malicious web site.
The vulnerability is reported in version 2.0.0.1. Other versions may also be affected.
NOTE: Other issues have also been reported, some of which are also related to the "locations.hostname" DOM property.
Description:
Michal Zalewski has discovered a weakness in Firefox, which can be exploited by malicious people to conduct phishing attacks.
The weakness is caused due to Firefox allowing scripts to open a tab with a blank address bar and add arbitrary content to it. This can further be exploited to spoof the user interface, including setting the title to an arbitrary value.
The weakness is confirmed in version 2.0.0.1. Other versions may also be affected.
Description:
Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, gain knowledge of sensitive information, and potentially compromise a user's system.
1) An error in the handling of the "locations.hostname" DOM property can be exploited to bypass certain security restrictions.
For more information:
SA24175
2) An integer underflow error in the Network Security Services (NSS) code when processing SSLv2 server messages can be exploited to cause a heap-based buffer overflow via a certificate with a public key too small to encrypt the "Master Secret".
Successful exploitation may allow execution of arbitrary code.
NOTE: Support for SSLv2 is disabled in Firefox 2.x. This version is only vulnerable if user has modified hidden internal NSS settings to re-enable SSLv2 support.
3) It is possible to conduct cross-site scripting attacks against sites containing a frame with a "data:" URI as source.
Successful exploitation requires that a user is tricked into visiting a malicious website and opening a blocked popup.
4) It is possible to open windows containing local files thereby stealing the contents when the full path of a locally saved file containing malicious script code is known. This can be exploited in combination with a flaw in the seeding of the pseudo-random number generator causing downloaded files to be saved to temporary files with a somewhat predictable name.
Successful exploitation requires that a user is tricked into visiting a malicious website and opening a blocked popup.
5) Browser UI elements like the host name and security indicators can be spoofed using a specially crafted custom cursor and manipulating the CSS3 hotspot property.
6) It may be possible to gain knowledge of sensitive information from a website due to an error resulting in two web pages colliding in the disk cache thereby potentially appending part of one document to the other.
Successful exploitation requires that a user is tricked into visiting a malicious website while visiting the target website.
7) Various errors in the Mozilla parser when handling invalid trailing characters in HTML tag attribute names and during processing of UTF-7 content when child frames inherit the character set of its parent window can be exploited to conduct cross-site scripting attacks.
8) A vulnerability in the Password Manager may be exploited to conduct phishing attacks.
For more information:
SA23046
9) Multiple memory corruption errors exist in the layout engine, JavaScript engine, and in SVG. Some of these may be exploited to execute arbitrary code on a user's system.
How would "upgrading" to a lower version "1.5" help?
both 2.0.0.y and 1.5.0.y trees are receiving security updates... so for people using 1.5.0.y (such as those of us on Ubuntu 6.06 LTS), then 1.5.0.10 would be the version we'd apt-get update/upgrade to in order to get the latest security fixes in the most stable manner possible...
EDIT: heh, just saw craigevil already replied... oh well...
I usually use two IE explores, one is IE6.0, the other is Firefox.
I want to know which one is more safe to my system. Who can tell me? Thanks.
this is kinda off-topic for this thread... additionally, if you are referring to IE and Firefox on Windows, then this is kinda off-topic for this forum... if the latter is the case, please start a thread in the General (non-Linux) forum... either way, this present thread will not be turned into an IE vs. Firefox discussion...
The FTP protocol includes the PASV (passive) command which is used by Firefox to request an alternate data port. The specification of the FTP protocol allows the server response to include an alternate server address as well, although this is rarely used in practice.
mark@bindshell.net reported that a malicious web page hosted on a specially-coded FTP server could use this feature to perform a rudimentary port-scan of machines inside the firewall of the victim. By itself this causes no harm, but information about an internal network may be useful to an attacker should there be other vulnerabilities present on the network.
Mozilla clients will now ignore the alternate server address.
Well, this is the first time I see a software having 2 different version lines being maintained simultaneously!
Actually, I've Firefox 1.5.0.7, should I upgrade to 1.5.0.11 or to the 2.0.0.3?
Guess this is a lil bit weird, isn't it?
P.S. How secure/insecure is my current 1.5.0.7 version?
UPDATE:
I just trusted my dawg and downloaded 2.0.0.3, let's hope that the installation won't be a pain in bottom, LOL
entz:
From what little I know, the 1.5 line of Firefox will discontinue security updates as of the end of April 2007. The Firefox 2.0 line is the new line.
I don't notice much difference between the 2 lines. However, I have noticed that Firefox (regardless of the line) performs better in Linux than in Windows.
You might want to update the top post, because I'm running Firefox 1.5.0.7, I'm not sure whether a newer update has come out or not, but still.
The OP has been updated, thanks. There have been several security updates issued since 1.5.0.7. As has been posted, the current 1.5 version is 1.5.0.11. Either way, you really need to consider upgrading to 2.0.0.x, as is made clear by Mozilla on their Firefox 1.5.0.x download page:
Quote:
Firefox 1.5.0.x will be maintained with security and stability updates until mid-May, 2007. All users are strongly encouraged to upgrade to Firefox 2.