Tuesday, October 27, 2009

Mozilla Firefox Code Execution and Information Disclosure Vulnerabilities

Multiple vulnerabilities have been identified in Mozilla Firefox,
which could be exploited by attackers to manipulate or disclose
certain data, bypass security restrictions or compromise a vulnerable
system.

The first issue is caused by an error within the form history, which
could allow malicious web sites to trick a vulnerable browser into
auto-filling form fields with history entries and then reading the
entries.

The second vulnerability is caused by a predictable file naming
scheme used when downloading a file which already exists in the
downloads folder, which could allow an attacker with access to a
vulnerable system to place a malicious file in the world-writable
directory used to save temporary downloaded files and cause the
browser to open it.

The third issue is caused by a memory corruption error within the
processing of recursive web-worker calls, which could be exploited to
crash an affected browser or execute arbitrary code.

The fourth vulnerability is caused by a memory corruption error within
the parsing of regular expressions used in Proxy Auto-configuration
(PAC) files, which could allow attackers to crash an affected browser
or execute arbitrary code on a system where PAC has been configured
with specific regular expressions.

The fifth issue is caused by a heap overflow error in the GIF image
parser, which could be exploited to crash an affected browser or
execute arbitrary code.

The sixth vulnerability is caused by the XPCOM utility
"XPCVariant::VariantDataToJS" unwrapping doubly-wrapped objects before
returning them to chrome callers, which could result in chrome
privileged code calling methods on an object which had previously been
created or modified by web content, leading to the execution of
malicious JavaScript code with chrome privileges.

The seventh issue is caused by a heap overflow error in the string to
floating point number conversion routines, which could be exploited to
crash an affected browser or execute arbitrary code.

The eighth vulnerability is caused by a same-origin policy bypass
via the "document.getSelection" function, which could be exploited to
conduct cross-domain scripting attacks.

The ninth vulnerability is caused by an error when downloading a file
with a name containing a right-to-left override character (RTL), which
could be exploited to obfuscate the name and extension of a malicious
file to be downloaded and opened.
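
A defensive check for the ninth issue, added here as an example and not
taken from Mozilla's fix: it flags Unicode bidirectional control
characters in a download name and reports the extension as stored. The
function name, the set of characters checked and the sample names are
assumptions made for illustration.

```python
import os
import unicodedata

# Bidirectional control characters that can change the displayed order of a
# file name without changing the stored order the operating system acts on.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f", "\u061c",                      # LRM, RLM, ALM
}


def inspect_download_name(name):
    """Hypothetical helper: report bidi controls and the stored extension.

    Flagging is conservative: marks such as LRM/RLM can appear in legitimate
    names, so callers may choose to warn rather than reject.
    """
    # Record the position and Unicode name of every control character found.
    hits = [(i, unicodedata.name(ch, "U+%04X" % ord(ch)))
            for i, ch in enumerate(name) if ch in BIDI_CONTROLS]
    # Replace each control with a visible placeholder so the name shown to
    # the user has the same character order as the name written to disk.
    safe = "".join("_" if ch in BIDI_CONTROLS else ch for ch in name)
    # The extension is taken from the stored (logical) order of characters.
    ext = os.path.splitext(safe)[1].lower()
    return {
        "suspicious": bool(hits),
        "controls": hits,
        "safe_name": safe,
        "extension": ext,
    }


if __name__ == "__main__":
    # Constructed sample names, not taken from the advisory.
    samples = ["notes.txt", "report\u202etxt.exe"]
    for sample in samples:
        result = inspect_download_name(sample)
        print(repr(sample), "->", result)
```
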

The tenth issue is caused by memory corruption errors in the
JavaScript and browser engines when parsing malformed data, which
could be exploited by attackers to crash a vulnerable browser or
execute arbitrary code.

Other memory corruption errors related to liboggz, libvorbis, and
liboggplay have also been reported, which could be exploited by
attackers to compromise a vulnerable system.

Affected Products

Mozilla Firefox versions prior to 3.5.4
Mozilla Firefox versions prior to 3.0.15
