CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 17th, 2008

Mozilla Releases Firefox 2.0.0.16 With Two Security Updates

Mozilla has released Firefox 2.0.0.16 to address two vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. One of these vulnerabilities may also affect Thunderbird and SeaMonkey.

The vulnerabilities are:

MFSA 2008-34 : Remote code execution by overflowing CSS reference counter.

MFSA 2008-35 : Command-line URLs launch multiple tabs when Firefox not running.

If Firefox is not already running, passing it a command-line URI with pipe (”|”) symbols will open multiple tabs. This URI splitting could be used to launch chrome: URIs from the command-line, a partial bypass of the fix for MFSA 2005-53 which was intended to block external applications from loading such URIs (that vulnerability remains fixed, however).

This vulnerability could also be used by an attacker to pass URIs to Firefox that would normally be handled by a vector application by appending it to a URI not handled by the vector application. For example, web browsers normally handle file: URIs themselves, or block them from web content altogether, but this flaw enabled attackers to pass them from another browser into Firefox. In Firefox 2 scripts running from file: URIs can read data from a user’s entire disk, a risk if the attacker could first place a malicious file in a guessable location on the local disk.

Firefox 3 users can not update their browser yet but there is an unofficial 3.0.1-rc1 version which can be downloaded from Mozilla FTP.

In Firefox 3 scripts running in local files have limited access to other files, almost entirely mitigating the file: attack. However, combined with a vulnerability which allows an attacker to inject script into a chrome document the above issue could be used to run arbitrary code on a victim’s computer. Such a chrome injection vulnerability was discovered in Firefox 3 by Mozilla developers Ben Turner and Dan Veditz who showed that a XUL based error page was not properly sanitizing inputs and could be used in this attack.

Users should review Mozilla Foundation security advisories and upgrade to a fixed version or implement the workarounds listed in the documents to help mitigate the risks.

Update: Actually there are three updates, not two:

MFSA 2008-36: Crash with malformed GIF file on Mac OS X. Where a specially crafted GIF file caused the browser to free an uninitialized pointer. This can crash the browser and allow arbitrary code execution on the victim’s computer.

Email, Bookmark or Share:
  • E-mail this story to a friend!
  • Digg
  • del.icio.us
  • StumbleUpon
  • Reddit
  • Technorati
  • Slashdot
  • Propeller
  • Google
  • Live
  • YahooMyWeb
  • TwitThis
  • Facebook
  • LinkedIn

More on CyberInsecure:
  • Firefox 2.0.0.13 Is Out
  • Mozilla Fixes 12 Security Vulnerabilities In Firefox 2.0.0.15
  • Numerous Securty Vulnerabilities Patched In Firefox 3.0.5
  • Password Bug Fixed Sooner Than Expected in Firefox 3.0.3
  • Mozilla Firefox 3.0 Final Version Available For Download

    • Posted in Software, Vulnerabilities | Print This Post Print This Post

    This entry was posted on Thursday, July 17th, 2008 at 5:07 am and is filed under Software, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Mozilla Releases Firefox 2.0.0.16 With Two Security Updates

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « « Remote Code Execution Through Intel CPU Vulnerability Will Be Presented In Hack In The Box Security Conference
    Critical PDF Processing Vulnerability In BlackBerry Enterprise Server » »