Dick Hazeleger
Hi to all
Just got a message in from both the Dutch CERT team and Secunia, saying:
http://secunia.com/advisories/15292/
CRITICAL:
Extremely critical
IMPACT:
Cross Site Scripting, System access
WHERE:
From remote
SOFTWARE:
Mozilla Firefox 1.x
http://secunia.com/product/4227/
DESCRIPTION:
Two vulnerabilities have been discovered in Firefox, which can be
exploited by malicious people to conduct cross-site scripting attacks
and compromise a user's system.
1) The problem is that "IFRAME" JavaScript URLs are not properly
protected from being executed in context of another URL in the
history list. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an arbitrary
site.
2) Input passed to the "IconURL" parameter in
"InstallTrigger.install()" is not properly verified before being
used. This can be exploited to execute arbitrary JavaScript code with
escalated privileges via a specially crafted JavaScript URL.
Successful exploitation requires that the site is allowed to install
software (default sites are "update.mozilla.org" and
"addons.mozilla.org").
A combination of vulnerability 1 and 2 can be exploited to execute
arbitrary code.
NOTE: Exploit code is publicly available.
The vulnerabilities have been confirmed in version 1.0.3. Other
versions may also be affected.
SOLUTION:
Disable JavaScript.
Regards
Dick
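
Added example (not part of the post or the Secunia advisory, and not Firefox code): item 2 of the advisory says the "IconURL" value is used without being properly verified. One way a caller could verify such a value is a scheme allow-list applied to the parsed URL; `checkIconUrl`, `ALLOWED_ICON_SCHEMES` and the sample URLs are hypothetical.

```javascript
// Hypothetical allow-list: only network image locations are accepted as icons.
const ALLOWED_ICON_SCHEMES = new Set(["http:", "https:"]);

// Validate an icon URL supplied by a web page before privileged UI code uses it.
// rawIconUrl: string from the page (untrusted). pageUrl: URL of the requesting page.
// Returns { ok: true, url } with the normalized URL, or { ok: false, reason }.
function checkIconUrl(rawIconUrl, pageUrl) {
  if (typeof rawIconUrl !== "string" || rawIconUrl.length === 0) {
    return { ok: false, reason: "missing" };
  }
  let parsed;
  try {
    // Resolve against the requesting page so relative icon paths keep working.
    parsed = new URL(rawIconUrl, pageUrl);
  } catch (e) {
    return { ok: false, reason: "unparseable" };
  }
  // Test the scheme of the *parsed* URL, not a prefix of the raw string.
  // The parser lowercases the scheme and drops leading spaces and embedded
  // tabs/newlines, so mixed-case or whitespace-padded schemes are seen as-is.
  if (!ALLOWED_ICON_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: "scheme " + parsed.protocol };
  }
  // Hand back the normalized form so the consumer loads exactly what was checked.
  return { ok: true, url: parsed.href };
}

// Constructed sample inputs (not taken from any real site or exploit).
const samplePage = "https://addons.example/ext/";
const samples = [
  "icons/a.png",
  "https://cdn.example/icon.png",
  "JaVaScRiPt:void(0)",
  " java\tscript:void(0)",
  "data:image/png;base64,AAAA",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", JSON.stringify(checkIconUrl(s, samplePage)));
}
```

The caller should pass on the returned `url`, never the raw string, so that the value checked and the value loaded cannot differ.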