20050313 Firefox 1.01 : spoofing status bar without using JavaScript

14568

1013423

14885

12798

ADV-2005-0260

mozilla-save-link-as-dialog-spoofing(19540)

The remote host is using Firefox. The remote version of this software contains multiple security flaws that can be exploited by a malicious website.  An attacker exploiting one of these flaws would need to be able to either convince a remote user to visit a malicious website or convince the remote user to open an HTML email and save an attachment.
In addition, this version is vulnerable to a remote flaw that could result in arbitrary code execution.  Specifically, if a malicious web page is bookmarked as a sidebar panel, the malicious page may open and inject code into privileged pages.  An attacker exploiting this flaw would need to be able to convince a user to both visit and bookmark their malicious web page.

The remote host is running a vulnerable version of Mozilla Thunderbird mail client. It is reported that this version of Mozilla or Mozilla Thunderbird is vulnerable to a flaw where embedded HTML tagging allows a remote attacker to spoof the 'Save as' dialog box and convince an unsuspecting user in download a malicious file.  An attacker exploiting this flaw would need to be able to convince a remote user to click on a malicious link. Successful exploitation would result in malicious code being downloaded onto the client machine.
Secondly, The remote version of this software is vulnerable to a heap overflow vulnerability when it processes GIF images.  An attacker may exploit this flaw to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to send a malformed GIF image to a victim on the remote host and wait for him or her to open it. 

stripped_description=Versions of Mozilla Firefox prior to 1.7.6 are affected by the following vulnerabilities :

 - There is a flaw in the way that the browser handles scripting within 'tabbed' cross-domains.  An attacker exploiting this flaw would need to be able to convince a user to click on a malicious URL which would then open a separate 'TAB' within the browser.  The attacker could then retrieve data relevant to other tabbed connections or execute code locally.
 - There is a flaw in the default 'about: config' script that would allow an attacker to modify configuration data.  In order to execute such an attack, the attacker would need to be able to entice the user into visiting or clicking on a malicious URL.  A successful attacker would be able to modify the local configuration file, resulting in enhanced access rights or other potential exploits.  In addition, there are other unconfirmed flaws in Mozilla version 1.7.5 and lower. 

The remote host is using Firefox. The remote version of this software contains the following security flaws: 
1) There is a flaw in the way that the browser handle scripting within 'tabbed' cross-domains.  An attacker exploiting this flaw would need to be able to coerce a user into clicking on a malicious URL which would then open a separate 'TAB' within the browser.  The attacker could then retrieve data relevant to other tabbed connections or execute code locally.
2)There is a flaw in the default about: config script that would allow an attacker to modify configuration data. In order to execute such an attack, the attacker would need to be able to entice the user into visiting or clicking on a malicious URL.  A successful attacker would be able to modify the local configuration file, resulting in enhanced access rights or other potential exploits.

The remote host is using Mozilla, a web browser. The remote version of this software contains the following security flaws: 
1) There is a flaw in the way that the browser handles scripting within 'tabbed' cross-domains.  An attacker exploiting this flaw would need to be able to convince a user to click on a malicious URL which would then open a separate 'TAB' within the browser.  The attacker could then retrieve data relevant to other tabbed connections or execute code locally.
2)There is a flaw in the default about: config script that would allow an attacker to modify configuration data.  In order to execute such an attack, the attacker would need to be able to entice the user into visiting or clicking on a malicious URL.  A successful attacker would be able to modify the local configuration file, resulting in enhanced access rights or other potential exploits.  In addition, there are other unconfirmed flaws in Mozilla version 1.7.5 and lower.

ID	Name	Product	Family	Severity
2704	Mozilla Firefox < 1.0.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
2703	Mozilla Thunderbird < 1.0.2 Multiple Vulnerabilities (deprecated)	Nessus Network Monitor	SMTP Clients	high
2671	Mozilla Firefox < 1.7.6 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
2652	Mozilla Firefox < 1.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
801221	Mozilla Thunderbird < 1.0.2 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
801215	Mozilla < 1.7.6 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high

CVE-2005-4809

MEDIUM

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

medium

high

high

high

high

high