SECUNIA ADVISORY ID: SA31106
VERIFY ADVISORY: http://secunia.com/advisories/31106/
CRITICAL: Highly critical
IMPACT: Security Bypass, Spoofing, System access
SOFTWARE: Mozilla Firefox 3.x - http://secunia.com/product/19089/
DESCRIPTION: Some vulnerabilities have been reported in Firefox 3, which can be exploited by malicious people to bypass certain security restrictions, potentially conduct spoofing attacks, or compromise a user's system. The vulnerabilities are reported in versions prior to 3.0.1.
1) A vulnerability can be exploited to launch e.g. "file" or "chrome:" URIs in Firefox. For more information see: SA31120
2) Input passed to XUL based error pages is not properly sanitised before being returned to a user and can be exploited to e.g. conduct spoofing attacks. In combination with vulnerability #1 this can be exploited to inject arbitrary script code and execute arbitrary code in "chrome" context, but requires that a specially crafted URI is passed to Firefox and that Firefox is not running.
SOLUTION: Update to version 3.0.1 - http://www.mozilla.com/en-US/firefox/
PROVIDED AND/OR DISCOVERED BY: The vendor credits:
1) Billy Rios
2) Ben Turner and Dan Veditz (Mozilla developers)
ORIGINAL ADVISORY: MFSA 2008-35: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
|
This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com
The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3381
https://www.ravenphpscripts.com
The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3381