CERT-In Advisory CIAD-2006-33
Multiple Vulnerabilities in Mozilla Products

Original issue date: September 18, 2006

Severity Rating: High

Systems Affected

  • Mozilla Firefox versions prior to 1.5.0.7
  • Mozilla Thunderbird versions prior to 1.5.0.7
  • Mozilla SeaMonkey versions prior to 1.0.5
  • Mozilla Network Security Service (NSS) versions prior to 3.11.3

Overview

Multiple vulnerabilities have been reported in Mozilla products, which could be exploited by attackers to execute arbitrary commands and cause denial-of-service conditions.

Description

1. JavaScript regular expression heap overflow vulnerability (CVE-2006-4565, CVE-2006-4566)

A heap overflow vulnerability has been reported due to an error in processing JavaScript regular expressions containing a minimal quantifier. An attacker could use specially crafted JavaScript regular expressions to run arbitrary code on the affected system.

2. Auto-update compromise through DNS and SSL spoofing (CVE-2006-4567)

A vulnerability has been reported due to an error in how the auto-update mechanism used by Firefox and Thunderbird validates certificates. An attacker could, through DNS spoofing, trick the user into accepting unverifiable self-signed certificates and redirect the user to a malicious site. The vulnerability could be exploited to run arbitrary code on the affected system.

3. Memory Corruption Vulnerability (CVE-2006-4571)

A memory corruption vulnerability has been reported in the handling of malformed content, which could be exploited by malicious web sites to crash a vulnerable application or execute arbitrary commands.

4. RSA Signature Verification vulnerability (CVE-2006-4340, CVE-2006-4339, CIAD-2006-27)

A vulnerability has been reported due to an error in the Network Security Services (NSS) library during RSA signature verification, which could be exploited by attackers to forge signatures.

5. JavaScript execution vulnerability in mail via XBL (CVE-2006-4570)

This vulnerability exists because JavaScript can be executed in mail via XBL even when JavaScript is disabled in mail (the default). An attacker can still execute JavaScript when a mail message is viewed, replied to, or forwarded by putting the script in a remote XBL file loaded by the message. The executed script could be used to alter or change the appearance of the message, and can act as a "mail-tap" to spy on the contents added to a reply or forward. This could be exploited by remote attackers to compromise the system or data.

6. JavaScript regular expressions Buffer Overflow Vulnerability (CVE-2006-4253)

A vulnerability has been reported in Mozilla Firefox 1.5.0.6 and earlier due to buffer overflow errors while processing specially crafted JavaScript regular expressions. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the affected system, or cause a denial of service, through multiple JavaScript timed events that load a deeply nested XML file.

7. Popup-blocker cross-site scripting (XSS) Vulnerability (CVE-2006-4569)

A vulnerability has been reported in Mozilla Firefox. Blocked popups opened from the status bar "Blocked popups" icon were always opened in the context of the site listed in the address bar. This could allow an attacker to perform a cross-site scripting attack against the framing web site.

8. Frame spoofing using document.open() (CVE-2006-4568)

A remote attacker could trigger a cross-site scripting attack due to an error in handling content injected from one website into a sub-frame of another site using the "targetWindow.frames[n].document.open()" function.

Solution

Upgrade to the latest versions
http://www.mozilla.org/products/
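
One way to confirm that installed versions have moved past the affected releases is to compare them numerically against the thresholds in the Systems Affected list. This is an added example, not part of the CERT-In advisory; the inventory format, hostnames and installed versions are constructed for illustration.

```python
import re

# Fixed releases, taken from the "Systems Affected" list in this advisory.
FIXED = {
    "firefox": (1, 5, 0, 7),
    "thunderbird": (1, 5, 0, 7),
    "seamonkey": (1, 0, 5),
    "nss": (3, 11, 3),
}

def parse_version(text):
    """Turn '1.5.0.10' into (1, 5, 0, 10); reject anything non-numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_affected(product, version):
    """True when version is prior to the fixed release for product."""
    # Integer tuples compare numerically, so 1.5.0.10 sorts after 1.5.0.7
    # (a plain string comparison would wrongly put it before).
    return parse_version(version) < FIXED[product.lower()]

def audit(inventory_lines):
    """Return (host, product, version, status) per 'host product version' line."""
    results = []
    for line in inventory_lines:
        host, product, version = line.split()
        try:
            status = "AFFECTED" if is_affected(product, version) else "ok"
        except (KeyError, ValueError):
            status = "UNKNOWN"  # unlisted product or odd version: review by hand
        results.append((host, product, version, status))
    return results

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    "ws-01 Firefox 1.5.0.6",
    "ws-02 Firefox 1.5.0.10",
    "mail-01 Thunderbird 1.5.0.7",
    "ws-03 SeaMonkey 1.0.4",
    "build-01 NSS 3.11",
    "ws-04 Firefox 1.5.0.7pre",
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("{:9} {:12} {:11} {}".format(*row))
```

Entries reported as UNKNOWN are not cleared; they need a manual check because the version string could not be compared.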

Vendor Information

Mozilla Foundation
http://www.mozilla.org

References

FrSIRT
http://www.frsirt.com/english/advisories/2006/3617

Secunia
http://secunia.com/advisories/21513
http://secunia.com/advisories/21940/
http://secunia.com/advisories/21939/
http://secunia.com/advisories/21903/

Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/

CVE Name

CVE-2006-4253
CVE-2006-4265
CVE-2006-4566
CVE-2006-4567
CVE-2006-4568
CVE-2006-4569
CVE-2006-4588
CVE-2006-4570
CVE-2006-4577

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003