[NEWS] Mozilla Platform's Code Execution Vulnerabilities

• Previous message: SecuriTeam: "[EXPL] Microsoft Windows WAB DoS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 24 Mar 2005 18:14:24 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

  Mozilla Platform's Code Execution Vulnerabilities
------------------------------------------------------------------------

SUMMARY

"The mission of the <www.mozilla.org> Mozilla project is to preserve
choice and innovation on the Internet."

Several vulnerabilities were identified in Mozilla Suite, Firefox and
Thunderbird, which may be exploited by attackers to execute arbitrary
commands or bypass certain security features.

DETAILS

Vulnerable Systems:
 * Mozilla Firefox version 1.0.1 and prior
 * Mozilla Suite version 1.7.5 and prior
 * Mozilla Thunderbird version 1.0.1 and prior

Immune Systems:
 * Mozilla Firefox version 1.0.2
 * Mozilla Suite version 1.7.6
 * Mozilla Thunderbird version 1.0.2

The first vulnerability is due to a heap overrun error when processing a
Netscape-specific extension block in GIF images, which may be exploited to
run arbitrary code on a vulnerable system via a web page or email message
containing a specially crafted GIF image.

The second flaw occurs if a user bookmarked a specially crafted page as a
Firefox sidebar panel, which could be exploited to execute arbitrary
programs by opening a privileged page and injecting JavaScript into it.

The third issue occurs when handling specially crafted XUL files, and may
be exploited to bypass the restriction on opening privileged XUL.

ADDITIONAL INFORMATION

The original article can be found at:
<http://www.k-otik.com/english/advisories/2005/0296>
http://www.k-otik.com/english/advisories/2005/0296
 <https://bugzilla.mozilla.org/show_bug.cgi?id=284627>
https://bugzilla.mozilla.org/show_bug.cgi?id=284627
 <https://bugzilla.mozilla.org/show_bug.cgi?id=285595>
https://bugzilla.mozilla.org/show_bug.cgi?id=285595
 <https://bugzilla.mozilla.org/show_bug.cgi?id=285438>
https://bugzilla.mozilla.org/show_bug.cgi?id=285438

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: SecuriTeam: "[EXPL] Microsoft Windows WAB DoS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]