On mySimon: Body Solid EXM 3000LPS
BNET Business Network:
BNET
TechRepublic
ZDNet

November 12th, 2008

Firefox security makeover: 11 vulnerabilities, 4 critical

Posted by Ryan Naraine @ 7:40 pm

Categories: Arbitrary Code Execution, Browsers, Denial of Service (DoS), Exploit code, Firefox, Linux, Malware, Mozilla, Patch Watch, Responsible disclosure, Vulnerability research

Tags: Mozilla Firefox, Vulnerability, JavaScript, Web Browser, Mozilla Corp., Web Browsers, Security, Internet, Ryan Naraine

11 vulnerabilities, 4 critical Mozilla has released a new version of its flagship Firefox browser to fix a total of 11 vulnerabilities that expose users to code execution, information stealing or denial-of-service attacks.

Four of the 11 flaws covered with the new Firefox 3.0.4 are rated “critical” because of the risk of code execution attacks via specially rigged Web pages.

The four critical vulnerabilities are:

  • MFSA 2008-55 Crash and remote code execution in nsFrameManager.  A vulnerability in part of Mozilla’s DOM constructing code can be exploited by modifying certain properties of a file input element before it has finished initializing. When the blur method of the modified input element is called, uninitialized memory is accessed by the browser, resulting in a crash. This crash may be used by an attacker to run arbitrary code on a victim’s computer.
  • MFSA 2008-54 Buffer overflow in http-index-format parser. This is a flaw in the way Mozilla parses the http-index-format MIME type. By sending a specially crafted 200 header line in the HTTP index response, an attacker can cause the browser to crash and run arbitrary code on the victim’s computer.
  • MFSA 2008-53 XSS and JavaScript privilege escalation via session restore. The browser’s session restore feature can be used to violate the same-origin policy and run JavaScript in the context of another site. Any otherwise unexploitable crash can be used to force the user into the session restore state. This vulnerability could also be used by an attacker to run arbitrary JavaScript with chrome privileges.
  • MFSA 2008-52 Crashes with evidence of memory corruption. Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

The Firefox update also fixes the following issues:

  • MFSA 2008-58 Parsing error in E4X default namespace
  • MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
  • MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
  • MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome
  • MFSA 2008-47 Information stealing via local shortcut files

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 60 Talkback(s)
RE: Firefox security makeover: 11 vulnerabilities, 4 critical
I don't know just what you did with installation of FF3.04, but it and the numerous addons that I use run smoothly, start up and shut down quickly and without any errors EVER! I love 3.04 and will con... (Read the rest)
Posted by: THX 1138 Posted on: 11/27/08  (Edited: 11/27/08 @ 05:00) You are currently: a Guest | | Terms of Use
Tiny mistake  Wladimir Palant | 11/13/08
RE: Firefox security makeover: 11 vulnerabilities, 4 critical  ghot@... | 11/13/08
I think  ShadowGIATL | 11/13/08
Got brain?  Ronny102 | 11/13/08
Verbal Judo...  ShadowGIATL | 11/13/08
RE: Verbal Judo  bfilipiak@... | 11/13/08
I dunno...  ShadowGIATL | 11/13/08
Re: I dunno...  ghosko7772 | 11/14/08
I think...  ShadowGIATL | 11/14/08
It's an I-D-TEN-T error  oldbaritone | 11/18/08
Let No App Run unGuarded  eiverson@... | 11/13/08
at least half the security problems...  ShadowGIATL | 11/13/08
Does it improve start-up speed?  TonyF2013 | 11/13/08
Not sure...  daMan25 | 11/13/08
On XP with older machines it definitely does(NT)...  JCitizen | 11/13/08
Just be disciplined enough...  hasta la Vista, bah-bie | 11/13/08
RE: Just be diciplined enough...  bfilipiak@... | 11/13/08
Oh...  ShadowGIATL | 11/13/08
Not if you turn off those specific services through services.msc  hasta la Vista, bah-bie | 11/14/08
Well.  ShadowGIATL | 11/14/08
You can turn BITS off  hasta la Vista, bah-bie | 11/17/08
You can turn BITS off, but...  ShadowGIATL | 11/17/08
Go to Black Viper  hasta la Vista, bah-bie | 11/19/08
Secunia PSI (RC4) does a better job....  JCitizen | 11/15/08
Belarc Personal Advisor is great, too...  hasta la Vista, bah-bie | 11/17/08
Good one! ......(NT)  JCitizen | 11/18/08
Secunia PSI (RC4) as a security app has a problem,  THX 1138 | 11/27/08
Check your add-ons  JackLR | 11/13/08
RE: Check your addons.  bfilipiak@... | 11/13/08
Firefox 3.1, beta 1  dprozzo | 11/13/08
Not applicable  martian@... | 11/14/08
run arbitrary code - on Windows  Don Collins | 11/13/08
run arbitrary code - on a computer.  ShadowGIATL | 11/13/08
I agree  balaknair | 11/13/08
run arbitrary code - on a computer.  hasta la Vista, bah-bie | 11/13/08
What?  dprozzo | 11/13/08
"know there are risks"? NOT!  oldbaritone | 11/18/08
So your saying....  ShadowGIATL | 11/13/08
Don't give user the root password  Don Collins | 11/14/08
I'm happy for your friends and family...  ShadowGIATL | 11/14/08
Pal, I rarely have to use enter my password in Linux  hasta la Vista, bah-bie | 11/14/08
I bet you rarely sign in other then to complain on here.  ShadowGIATL | 11/14/08
What do you care...  hasta la Vista, bah-bie | 11/17/08
Because I don't like people  ShadowGIATL | 11/17/08
UAC and SW don't play well together  oldbaritone | 11/18/08
Lazy programmers  ShadowGIATL | 11/18/08
Too bad  hasta la Vista, bah-bie | 11/19/08
Indeed - these are mostly Windows related problems  kaffeboy | 11/13/08
RE: Firefox security makeover: 11 vulnerabilities, 4 critical  rcormick@... | 11/13/08
RE: Firefox - Speed Up Start up and reduce CPU usage  william.findlay | 11/13/08
RE: Firefox security makeover: 11 vulnerabilities, 4 critical  wsamuel3 | 11/13/08
just stop using computers  not of this world | 11/14/08
They need to stop it from crash when closeing  Randalllind | 11/14/08
RE: Firefox security makeover: 11 vulnerabilities, 4 critical  gmontagu@... | 11/15/08
RE: Firefox security makeover: 11 vulnerabilities, 4 critical  gmontagu@... | 11/15/08
I'm not sure...  Media-Ted@... | 11/15/08
ever since the update  ZeroAsakura | 11/17/08
RE: ever since the update  AlterGeek | 11/17/08
Re: ever since the update  ZeroAsakura | 11/17/08
RE: Firefox security makeover: 11 vulnerabilities, 4 critical  THX 1138 | 11/27/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Meet Doc

  • Here to help you with your Document Management Needs
  • Doc is an enigma. Born to a Russian ballerina and a German electrical engineer, he grew up in various locations in the United States. He’s seen the insides of more brands, versions, and generations of printer and printer-related hardware than almost anyone.
  • To learn more about this mysterious figure check out his blog on ZDNet and his Workspace on TechRepublic. You’ll be glad you did.
  • Produced by
    ZDNet and