GLSA-200505-11 : Mozilla Suite, Mozilla Firefox: Remote compromise

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200505-11
(Mozilla Suite, Mozilla Firefox: Remote compromise)

The Mozilla Suite and Firefox do not properly protect 'IFRAME'
JavaScript URLs from being executed in context of another URL in the
history list (CAN-2005-1476). The Mozilla Suite and Firefox also fail
to verify the 'IconURL' parameter of the 'InstallTrigger.install()'
function (CAN-2005-1477). Michael Krax and Georgi Guninski discovered
that it is possible to bypass JavaScript-injection security checks by
wrapping the javascript: URL within the view-source: or jar:
pseudo-protocols (MFSA2005-43).

Impact :

A malicious remote attacker could use the 'IFRAME' issue to
execute arbitrary JavaScript code within the context of another
website, allowing to steal cookies or other sensitive data. By
supplying a javascript: URL as the 'IconURL' parameter of the
'InstallTrigger.Install()' function, a remote attacker could also
execute arbitrary JavaScript code. Combining both vulnerabilities with
a website which is allowed to install software or wrapping javascript:
URLs within the view-source: or jar: pseudo-protocols could possibly
lead to the execution of arbitrary code with user privileges.

Workaround :

Affected systems can be protected by disabling JavaScript.
However, we encourage Mozilla Suite or Mozilla Firefox users to upgrade
to the latest available version.

See also :

http://www.mozilla.org/security/announce/mfsa2005-43.html
http://www.gentoo.org/security/en/glsa/glsa-200505-11.xml

Solution :

All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-1.0.4'
All Mozilla Firefox binary users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-1.0.4'
All Mozilla Suite users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-1.7.8'
All Mozilla Suite binary users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-bin-1.7.8'

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 18270 (gentoo_GLSA-200505-11.nasl)

Bugtraq ID:

CVE ID: CVE-2005-1476
CVE-2005-1477