SecurityTracker.com

Category:   Application (Web Browser)  >   Mozilla Firefox
Vendors:   Mozilla.org
(Fedora Issues Fix) Mozilla Firefox Drag and Drop Error Lets Remote Users Open Privileged XUL
SecurityTracker Alert ID:  1013533
SecurityTracker URL:  http://securitytracker.com/id/1013533
CVE Reference:   CVE-2005-0401
Date:  Mar 24 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 1.0.2
Description:   A vulnerability was reported in Mozilla Firefox in the processing of drag and drop operations. A remote user can open privileged XUL code with some user interaction.

A remote user can create a specially crafted web page with an object that, if dragged by the target user, can bypass XUL access controls and open privileged XUL.

It may be possible to execute arbitrary code, depending on the browser and browser extensions.

A demonstration exploit is available at:

http://mikx.de/firescrolling2/

Michael Krax discovered this vulnerability.

Impact:   A remote user can cause privileged XUL code to be executed (with some user interaction). This may allow arbitrary code execution, depending on the available browser extensions.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

a461bc4e69e10779b3a46944f6b3fd23  SRPMS/firefox-1.0.2-1.3.1.src.rpm
1951b68e390da2f45177df9c016240a0  x86_64/firefox-1.0.2-1.3.1.x86_64.rpm
a81f4837b641ae78f3f6559cbf05715c  x86_64/debug/firefox-debuginfo-1.0.2-1.3.1.x86_64.rpm
9b19361c8a3dc98edaa07eb1043c11b3  i386/firefox-1.0.2-1.3.1.i386.rpm
a97e425d13c5abb994520829b16b8063  i386/debug/firefox-debuginfo-1.0.2-1.3.1.i386.rpm
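As an added example (not code from SecurityTracker or from the Fedora notification), a POSIX shell script that records the advisory's checksum list and verifies a downloaded set of packages against it before anything is installed; the download directory layout and the manifest file name are assumptions.

```shell
#!/bin/sh
# Added example, not code from SecurityTracker or Fedora: verify downloaded
# firefox-1.0.2-1.3.1 packages against the MD5 sums published in the advisory
# before installing them. The manifest format is "md5  relative/path", exactly
# as the advisory lists it; the download directory layout mirrors the server.

# write_advisory_manifest FILE: save the advisory's checksum list to FILE.
write_advisory_manifest() {
    cat > "$1" <<'EOF'
a461bc4e69e10779b3a46944f6b3fd23  SRPMS/firefox-1.0.2-1.3.1.src.rpm
1951b68e390da2f45177df9c016240a0  x86_64/firefox-1.0.2-1.3.1.x86_64.rpm
a81f4837b641ae78f3f6559cbf05715c  x86_64/debug/firefox-debuginfo-1.0.2-1.3.1.x86_64.rpm
9b19361c8a3dc98edaa07eb1043c11b3  i386/firefox-1.0.2-1.3.1.i386.rpm
a97e425d13c5abb994520829b16b8063  i386/debug/firefox-debuginfo-1.0.2-1.3.1.i386.rpm
EOF
}

# verify_updates DIR MANIFEST: check every file named in MANIFEST under DIR.
# Prints one status line per entry; returns 0 only if all files are present
# and match, so a non-zero result should stop the install.
verify_updates() {
    dir=$1
    manifest=$2
    status=0
    while read -r expected path; do
        [ -z "$expected" ] && continue               # tolerate blank lines
        file="$dir/$path"
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"
            status=1
            continue
        fi
        actual=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (expected $expected, got $actual)"
            status=1
        fi
    done < "$manifest"
    return $status
}

# Typical use after fetching the packages into ./fc3-updates (a hypothetical path):
#   write_advisory_manifest firefox-1.0.2.md5
#   verify_updates ./fc3-updates firefox-1.0.2.md5 && sudo rpm -Fvh ./fc3-updates/i386/firefox-1.0.2-1.3.1.i386.rpm
```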

Vendor URL:  www.mozilla.org/security/announce/mfsa2005-32.html
Cause:   Access control error
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC3

Message History:   This archive entry is a follow-up to the message listed below.
Mar 23 2005 Mozilla Firefox Drag and Drop Error Lets Remote Users Open Privileged XUL

Source Message Contents

Subject:  [SECURITY] Fedora Core 3 Update: firefox-1.0.2-1.3.1


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-246
2005-03-23
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : firefox
Version     : 1.0.2
Release     : 1.3.1
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

---------------------------------------------------------------------
Update Information:


A buffer overflow bug was found in the way Firefox processes GIF images. 
It is possible for an attacker to create a specially crafted GIF image, 
which when viewed by a victim will execute arbitrary code as the victim. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has 
assigned the name CAN-2005-0399 to this issue.

A bug was found in the way Firefox processes XUL content. If a malicious
web page can trick a user into dragging an object, it is possible to 
load malicious XUL content. The Common Vulnerabilities and Exposures 
project (cve.mitre.org) has assigned the name CAN-2005-0401 to this issue.

A bug was found in the way Firefox bookmarks content to the sidebar. If 
a user can be tricked into bookmarking a malicious web page into the 
sidebar panel, that page could execute arbitrary programs. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the 
name CAN-2005-0402 to this issue.

Users of Firefox are advised to upgrade to this updated package which
contains Firefox version 1.0.2 and is not vulnerable to these issues.

Additionally, there was a bug found in the way Firefox rendered some 
fonts, notably the Tahoma font while italicized.  This issue has been 
filed as Bug 150041 (bugzilla.redhat.com).  This updated package 
contains a fix for this issue.


---------------------------------------------------------------------
* Wed Mar 23 2005 Christopher Aillon <caillon@redhat.com> 0:1.0.2-1.3.1

- Firefox 1.0.2
- Fix issues with italic rendering using certain fonts (e.g. Tahoma)
- Add upstream fix to reduce round trips to xserver during remote control
- Add upstream fix to call g_set_application_name


---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

a461bc4e69e10779b3a46944f6b3fd23  SRPMS/firefox-1.0.2-1.3.1.src.rpm
1951b68e390da2f45177df9c016240a0  x86_64/firefox-1.0.2-1.3.1.x86_64.rpm
a81f4837b641ae78f3f6559cbf05715c  x86_64/debug/firefox-debuginfo-1.0.2-1.3.1.x86_64.rpm
9b19361c8a3dc98edaa07eb1043c11b3  i386/firefox-1.0.2-1.3.1.i386.rpm
a97e425d13c5abb994520829b16b8063  i386/debug/firefox-debuginfo-1.0.2-1.3.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Copyright 2019, SecurityGlobal.net LLC