On CNET: Start your holiday tech shopping
BNET Business Network:
BNET
TechRepublic
ZDNet

June 12th, 2009

Mozilla slaps band-aid on 11 Firefox flaws

Posted by Ryan Naraine @ 6:35 am

Categories: Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Firefox, Hackers, Malware, Microsoft, Mozilla, Open source, Patch Watch, Pen testing, Responsible disclosure, Zero-day attacks

Tags:

Mozilla has joined this week’s patchapalooza with the release of a Firefox update to fix 11 documented security vulnerabilities.

Six of the 11 issues are in advisories rated “critical” because of the risk of code execution attacks that could allow hackers to take complete control of a compromised machine. Here’s a snapshot of the critical issues:

MFSA 2009-32 JavaScript chrome privilege escalation

Mozilla security researcher moz_bug_r_a4 reported a vulnerability which allows scripts from page content to run with elevated privileges. Using this vulnerability, an attacker could cause a chrome privileged object, such as the browser sidebar or the FeedWriter, to interact with web content in such a way that attacker controlled code may be executed with the object’s chrome privileges.

MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null

Mozilla security researcher moz_bug_r_a4 reported that the owner document of an element can become null after garbage collection. In such cases, event listeners may be executed within the wrong JavaScript context. An attacker could potentially use this vulnerability to have a malicious event handler execute arbitrary JavaScript with chrome privileges.

MFSA 2009-28 Race condition while accessing the private data of a NPObject JS wrapper class object

Jakob Balle and Carsten Eiram of Secunia Research reported a race condition in NPObjWrapper_NewResolve when accessing the properties of a NPObject, a wrapped JSObject. Balle and Eiram demonstrated that this condition could be reached by navigating away from a web page during the loading of a Java applet. Under such conditions the Java object would be destroyed but later called into resulting in a free memory read. It might be possible for an attacker to write to the freed memory before it is reused and run arbitrary code on the victim’s computer.

MFSA 2009-24 Crashes with evidence of memory corruption

Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.  There are three difference CVEs attached to these crashes.

Firefox 3.0.11 is shipped via the browser’s automatic update mechanism.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 64 Talkback(s)
RE: Mozilla slaps band-aid on 11 Firefox flaws
Why use the word "band-aid" ? (Read the rest)
Posted by: llemm Posted on: 07/09/09 You are currently: a Guest | | Terms of Use
Change your headline...  TriangleDoor | 06/12/09
I have seen it used with MS too. Did you cry then as well?  Qbt | 06/12/09
I've never understood...  jasonp@... | 06/12/09
I'm pointing out the typical hypocricy you find here on ZDNet  Qbt | 06/12/09
ZDN: come for the hypocrisy  Jack-Booted EULA | 06/12/09
And those that have lost the argument...  Qbt | 06/12/09
Silly typos?  Isocrates | 06/15/09
Your Point?  Zyloch | 06/15/09
...such as MS diehards and anti-Linux diehards. nt  Isocrates | 06/15/09
I left that part unsaid.  Zyloch | 06/19/09
Agreed- Headline is a litte misleading  snafu_77 | 06/12/09
Maybe next time...  zkiwi | 06/13/09
I Mozilla has seen its best days already  jscott418 | 06/12/09
Firefox 3.5 is super!  gmontagu@... | 06/15/09
3.5?????  mummainsaudi | 06/16/09
3.5  tmsbrdrs | 06/16/09
FF 3.5  Pationl | 06/16/09
FF 3.5 RC1 !  gmontagu@... | 06/16/09
FF 3.5 RC1  gmontagu@... | 06/16/09
instability in FF  mummainsaudi | 06/16/09
suggestion  tmsbrdrs | 06/16/09
Another suggestion  Greenknight_z | 06/16/09
My experience is opposite!  clareJ | 06/16/09
Can't tell that by my experience  mdsock@... | 06/16/09
RE: Mozilla slaps band-aid on 11 Firefox flaws  Loverock Davidson | 06/12/09
At least . . .  JLHenry | 06/12/09
Agreed  mathcreative | 06/12/09
Install them side-by-side  Greenknight_z | 06/16/09
SeaMonkey & Thunderbird.  phatkat | 06/15/09
SeaMonkey is independant  Greenknight_z | 06/16/09
FF 3.5 RC1 available!  gmontagu@... | 06/15/09
RE: Mozilla slaps band-aid on 11 Firefox flaws  Louis Ross Focke | 06/12/09
re: OS  Badgered | 06/12/09
They don't do OS specific updates - nt  Greenknight_z | 06/16/09
Bandaid on Mozilla Firefox flaw?  as901 | 06/13/09
No, it has not. No, it has not. No it has not.  honeymonster | 06/14/09
You conveniently stopped at IE 7  zkiwi | 06/14/09
IE7 is 3 years old. How far back do you want to go?  honeymonster | 06/14/09
Seeing as IE6 has an ongoing significant market share  zkiwi | 06/14/09
Dishonest?  honeymonster | 06/14/09
Because you are dishonest, or plain stupid, or both  zkiwi | 06/15/09
slight problem with your comparisons  tmsbrdrs | 06/16/09
No surprises there. A little attention and bugs are everywhere.  transposeIT | 06/15/09
Who called Firefox infallible?  tmsbrdrs | 06/16/09
Linux too?  jdieter@... | 06/15/09
Linux too?  jdieter@... | 06/15/09
Never say never  honeymonster | 06/15/09
RE: Mozilla slaps band-aid on 11 Firefox flaws  patty1wahm | 06/15/09
RE: Mozilla slaps band-aid on 11 Firefox flaws  bluzzone@... | 06/15/09
RE: Mozilla slaps band-aid on 11 Firefox flaws  cyfaill | 06/15/09
FF 3.5 RC1 available!  gmontagu@... | 06/15/09
RE: Mozilla slaps band-aid on 11 Firefox flaws  pbh444 | 06/15/09
Microsoft damage to Firefox  chaz15 | 06/15/09
WHat's a band aid?  redking44 | 06/15/09
Re: What's a Band Aid  JimB62 | 06/15/09
RE: Mozilla slaps band-aid on 11 Firefox flaws  craigerstar | 06/15/09
Mozilla 3.5 preview  gizmofan777 | 06/16/09
RE: Mozilla slaps band-aid on 11 Firefox flaws  alewisa | 06/16/09
Firefox invaded my PC  hlinc.founder@... | 06/16/09
RE: Mozilla slaps band-aid on 11 Firefox flaws  BillDrew | 06/16/09
Wanted: filter for screening stupid and inane comments  BillDrew | 06/16/09
RE: Mozilla slaps band-aid on 11 Firefox flaws  ILuvARose1954@... | 06/17/09
RE: Mozilla slaps band-aid on 11 Firefox flaws  gmontagu@... | 06/17/09
RE: Mozilla slaps band-aid on 11 Firefox flaws  llemm | 07/09/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
Click Here

Recent Entries

advertisement
Click Here

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Meet Doc