Updated: Mozilla Firefox Two Critical Vulnerabilities
Friday, 13 May 2005 by Michel Roth
Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

1) "IFRAME" JavaScript URLs are not properly protected from being executed in the context of another URL in the history list. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an arbitrary site.

2) Input passed to the "IconURL" parameter in "InstallTrigger.install()" is not properly verified before being used. This can be exploited to execute arbitrary JavaScript code with escalated privileges via a specially crafted JavaScript URL.
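The kind of verification missing in item 2 is a scheme check on the caller-supplied URL before it is used. The following is an added example, not Mozilla's code or its actual fix; `isSafeIconUrl`, `ALLOWED_SCHEMES`, and the sample URLs are hypothetical and constructed for illustration.

```javascript
// Added example: allowlist the scheme of a caller-supplied icon URL.
// Hypothetical names; this is not Firefox source code.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

function isSafeIconUrl(candidate, pageUrl) {
  if (typeof candidate !== "string") return false;
  let resolved;
  try {
    // Parse with the WHATWG URL parser, as a browser would: it resolves
    // relative URLs against the page, lowercases the scheme, strips
    // surrounding whitespace and removes embedded tabs and newlines.
    // Checking the parsed scheme avoids string-prefix bypasses.
    resolved = new URL(candidate, pageUrl);
  } catch {
    return false; // unparseable input is rejected, not passed through
  }
  return ALLOWED_SCHEMES.has(resolved.protocol);
}

// Constructed sample inputs: [value, expected verdict].
const SAMPLES = [
  ["https://addons.example/icon.png", true],
  ["/images/icon.png", true],            // relative, inherits https
  ["//cdn.example/icon.png", true],      // scheme-relative
  ["javascript:void(0)", false],
  ["  JaVaScRiPt:void(0)", false],       // case and leading whitespace
  ["java\tscript:void(0)", false],       // embedded tab is stripped by parser
  ["data:image/png;base64,AAAA", false],
  [null, false],
];

function checkSamples(pageUrl) {
  return SAMPLES.map(([value, expected]) => ({
    value,
    expected,
    actual: isSafeIconUrl(value, pageUrl),
  }));
}

for (const r of checkSamples("https://addons.example/install.html")) {
  console.log(JSON.stringify(r.value), "->", r.actual ? "allow" : "reject");
}
```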

Exploit code is in the wild! At this point there is no hotfix to correct the issue, but there is a workaround. Read about the workaround and more here. It is anticipated that the Mozilla Foundation will release a Firefox 1.0.4 update shortly.

Read the Secunia advisory here.

Update: the Mozilla Foundation has released the Firefox 1.0.4 update, which fixes, among other things, the vulnerabilities mentioned.
