[Secure-testing-team] Bug#505557: Mozilla Firefox 3 Multiple Vulnerabilities

Giuseppe Iuculano giuseppe at iuculano.it
Thu Nov 13 14:26:20 UTC 2008


Package: iceweasel
Version: 3.0.3-3
Severity: critical
Tags: security

Hi,

The following SA (Secunia Advisory) id was published for Firefox 3.

SA32713[1]

Description:
Some vulnerabilities have been reported in Mozilla Firefox, which can be
exploited by malicious people to disclose sensitive information, bypass
certain security restrictions, or compromise a user's system.

1) An error when processing "file:" URIs can be exploited to execute
arbitrary JavaScript code with chrome privileges by tricking a user into
opening a malicious local file in a tab previously opened for a
"chrome:" document or a privileged "about:" URI.

2) Various errors in the layout engine can be exploited to cause memory
corruptions and potentially execute arbitrary code.

3) An error in the browser engine can be exploited to cause a crash.

For more information see vulnerability #5 in:
SA32693

4) An error in the JavaScript engine can be exploited to cause a memory
corruption and potentially execute arbitrary code.

5) An error in the browser's restore feature can be exploited to violate
the same-origin policy.

For more information see vulnerability #7 in:
SA32693

6) An error in the processing of the "http-index-format" MIME type can
be exploited to execute arbitrary code.

For more information see vulnerability #8 in:
SA32693

7) An error in the DOM constructing code can be exploited to dereference
uninitialized memory and potentially execute arbitrary code.

For more information see vulnerability #9 in:
SA32693

8) An error in "nsXMLHttpRequest::NotifyEventListeners()" can be
exploited to bypass certain security restrictions.

For more information see vulnerability #10 in:
SA32693

9) An error can be exploited to manipulate signed JAR files and execute
arbitrary JavaScript code in the context of another site.

For more information see vulnerability #11 in:
SA32693

10) An error when parsing E4X documents can be exploited to
inject arbitrary XML code.

For more information see vulnerability #12 in:
SA32693

The vulnerabilities are reported in versions prior to 3.0.4.

Solution:
Update to version 3.0.4.


CVE reference:

CVE-2008-0017
CVE-2008-5015
CVE-2008-5016
CVE-2008-5017
CVE-2008-5018
CVE-2008-5019
CVE-2008-5021
CVE-2008-5022
CVE-2008-5023
CVE-2008-5024

If you fix the vulnerability, please also make sure to include the CVE id in the changelog entry.


[1]http://secunia.com/advisories/32713/





