Firefox / Mozilla / Thunderbird Multiple Vulnerabilities - YotaTech Forums
YotaTech Forums  

Go Back   YotaTech Forums > Toyota Forums Available > Electronics > Computer Talk
Reload this Page Firefox / Mozilla / Thunderbird Multiple Vulnerabilities
Home Photo Gallery Register All AlbumsBlogs Forum FAQFlashChat Members List Calendar Search Today's Posts Mark Forums Read Vendor Directory

Notices
Please note that the email server is about 1 to 2 hours behind, so please do not create a second account while waiting for your registration letter to arrive

Welcome to Yotatech!
Welcome to Yotatech,

You are currently viewing our forum as a guest, which gives you limited access to view most discussions and access our other features. By joining our community, at no cost, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is free, fast and simple, so please join our community today!


Reply
 
Thread Tools Search this Thread
Old 01-31-2005, 10:02 AM   #1 (permalink)
Senior Member
 
data's Avatar
 
Join Date: Jun 2002
Location: Arkansas
Posts: 1,915
Send a message via AIM to data Send a message via MSN to data Send a message via Yahoo to data
Firefox / Mozilla / Thunderbird Multiple Vulnerabilities
TITLE:
Firefox / Mozilla / Thunderbird Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA14017

VERIFY ADVISORY:
http://secunia.com/advisories/14017/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
Mozilla 0.x
http://secunia.com/product/772/
Mozilla 1.0
http://secunia.com/product/97/
Mozilla 1.1
http://secunia.com/product/98/
Mozilla 1.2
http://secunia.com/product/3100/
Mozilla 1.3
http://secunia.com/product/1480/
Mozilla 1.4
http://secunia.com/product/1481/
Mozilla 1.5
http://secunia.com/product/2478/
Mozilla 1.6
http://secunia.com/product/3101/
Mozilla 1.7.x
http://secunia.com/product/3691/
Mozilla Firefox 0.x
http://secunia.com/product/3256/
Mozilla Thunderbird 0.x
http://secunia.com/product/2637/

DESCRIPTION:
Details have been released about several vulnerabilities in Firefox, Mozilla and Thunderbird. These can be exploited by malicious people to bypass certain security restrictions, conduct spoofing and script insertion attacks and disclose sensitive and system information.

1) An error in the handling of links with a custom getter and "toString()" function can be exploited to link to local resources by tricking a user into opening a malicious link in a new tab.

The vulnerability has been reported in versions prior to Firefox 1.0 and Mozilla 1.7.5.

2) An error in the displaying of the SSL lock icon can be exploited by a malicious web site to force the SSL lock icon to appear by loading a binary file from a secure server.

The vulnerability has been reported in versions prior to Firefox 1.0 and Mozilla 1.7.5.

3) A malicious web site can spoof the SSL lock icon via a specially crafted "view-source:" URL.

The vulnerability has been reported in versions prior to Firefox 1.0 and Mozilla 1.7.5.

4) Script generated clicks are treated similar as normal clicks and can e.g. be exploited to trigger downloads without user prompts.

The vulnerability has been reported in versions prior to Firefox 1.0.

5) An error in the handling of script generated middle-click events can be exploited to disclose the clipboard content on certain systems.

The vulnerability has been reported in versions prior to Firefox 1.0 and Mozilla 1.7.5.

6) An error in the handling of "407" proxy authorization requests can be exploited via arbitrary SSL servers to disclose NTLM or SPNEGO credentials.

Successful exploitation requires that a proxy has been configured.

The vulnerability has been reported in versions prior to Firefox 1.0 and Mozilla 1.7.5.

7) The problem is that "javascript:" URLs are loaded by the operating system's default handler (e.g. Microsoft Internet Explorer) from the mail client.

The problem has been reported in versions prior to Thunderbird 0.9.

8) The mail client incorrectly responds to cookie requests over HTTP.

The vulnerability has been reported in Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3.

9) The problem is that Livefeed bookmarks can contain "javascript:"
and "data:" URLs. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of the currently loaded site when the Livefeed is updated.

The vulnerability has been reported in versions prior to Firefox 1.0.

SOLUTION:
Mozilla:
Update to version 1.7.5.
http://www.mozilla.org/products/mozilla1.x/

Firefox:
Update to version 1.0.
http://www.mozilla.org/products/firefox/

Thunderbird:
Update to version 1.0.
http://www.mozilla.org/products/thunderbird/

PROVIDED AND/OR DISCOVERED BY:
1) Jesse Ruderman
2) Kylotan
3) Kohei Yoshino
4) Omar Khan
5) Jesse Ruderman
6) Christopher Nebergall
7) Tom Braun
8) Michiel van Leeuwen
9) Omar Khan

ORIGINAL ADVISORY:
1) http://www.mozilla.org/security/anno...sa2005-01.html
2) http://www.mozilla.org/security/anno...sa2005-03.html
3) http://www.mozilla.org/security/anno...sa2005-04.html
4) http://www.mozilla.org/security/anno...sa2005-07.html
5) http://www.mozilla.org/security/anno...sa2005-08.html
6) http://www.mozilla.org/security/anno...sa2005-09.html
7) http://www.mozilla.org/security/anno...sa2005-10.html
8) http://www.mozilla.org/security/anno...sa2005-11.html
9) http://www.mozilla.org/security/anno...sa2005-12.html
This ad is not displayed to registered members.
Register your free account today and become a member on Yotatech!
__________________
98 Limited 4x4, Rockstomper skid, Rockware Front bumper, Warn HS9500i, 1" RB BL, Tundra coils front & OME HD rear, Nuke quick discos, diff drop'd, 305/70/16 Baja Claws, Electric Locker, couple of battle scars, but nothing major :)
data is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« photoshop7 | Navi/GPS + Wx Overlay? »
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
mozilla firebird problem Glenn Computer Talk 3 03-12-2005 10:41 AM
Thunderbird? Churnd Computer Talk 3 10-06-2004 10:23 PM
Mozilla Fire Fox 1.0 released amusement Computer Talk 0 09-15-2004 10:59 PM
Mozilla Firebird browser Corey Off Topic Talk 12 01-15-2004 07:38 AM


All times are GMT -8. The time now is 05:02 AM.

Contact Us - YotaTech - Archive - Top

Advertising - Privacy Policy - Terms of Use - Jobs
Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0
Powered by vbWiki Pro . Copyright ©2006, NuHit, LLC
2009 InternetBrands, Inc.