36126

266148

http://www.mozilla.org/security/announce/2009/mfsa2009-45.html

35927

ADV-2009-2142

https://bugzilla.mozilla.org/show_bug.cgi?id=502832

https://bugzilla.mozilla.org/show_bug.cgi?id=503144

FEDORA-2009-8279

FEDORA-2009-8288

From Red Hat Security Advisory 2009:1430 :

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR).

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075)

A use-after-free flaw was found in Firefox. An attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3077)

A flaw was found in the way Firefox handles malformed JavaScript. A website with an object containing malicious JavaScript could execute that JavaScript with the privileges of the user running Firefox.
(CVE-2009-3079)

Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3076)

A flaw was found in the way Firefox displays the address bar when window.open() is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-2654)

A flaw was found in the way Firefox displays certain Unicode characters. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-3078)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.14. You can find a link to the Mozilla advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.14, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mozilla Firefox,       Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the       CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to view a specially crafted web       page or email, possibly resulting in execution of arbitrary code or a       Denial of Service condition. Furthermore, a remote attacker may be able       to perform Man-in-the-Middle attacks, obtain sensitive information,       bypass restrictions and protection mechanisms, force file downloads,       conduct XML injection attacks, conduct XSS attacks, bypass the Same       Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical       scroll, spoof the location bar, spoof an SSL indicator, modify the       browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified       impact.
    A local attacker could gain escalated privileges, obtain sensitive       information, or replace an arbitrary downloaded file.
  Workaround :

    There is no known workaround at this time.

This update brings the Mozilla Firefox browser to the 3.0.14 stable release.

It also fixes various security issues: MFSA 2009-47 / CVE-2009-3069 / CVE-2009-3070 / CVE-2009-3071 / CVE-2009-3072 / CVE-2009-3073 / CVE-2009-30 / CVE-2009-3075: Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

MFSA 2009-48 / CVE-2009-3076: Mozilla security researcher Jesse Rudermanreported that when security modules were added or removed via pkcs11.addmodule or pkcs11.deletemodule, the resulting dialog was not sufficiently informative. Without sufficient warning, an attacker could entice a victim to install a malicious PKCS11 module and affect the cryptographic integrity of the victim's browser. Security researcher Dan Kaminsky reported that this issue had not been fixed in Firefox 3.0 and that under certain circumstances pkcs11 modules could be installed from a remote location. Firefox 3.5 releases are not affected.

MFSA 2009-49 / CVE-2009-3077: An anonymous security researcher, via TippingPoint's Zero Day Initiative, reported that the columns of a XUL tree element could be manipulated in a particular way which would leave a pointer owned by the column pointing to freed memory. An attacker could potentially use this vulnerability to crash a victim's browser and run arbitrary code on the victim's computer.

MFSA 2009-50 / CVE-2009-3078: Security researcher Juan Pablo Lopez Yacubian reported that the default Windows font used to render the locationbar and other text fields was improperly displaying certain Unicode characters with tall line-height. In such cases the tall line-height would cause the rest of the text in the input field to be scrolled vertically out of view. An attacker could use this vulnerability to prevent a user from seeing the URL of a malicious site. Corrie Sloot also independently reported this issue to Mozilla.

MFSA 2009-51 / CVE-2009-3079: Mozilla security researcher moz_bug_r_a4 reported that the BrowserFeedWriter could be leveraged to run JavaScript code from web content with elevated privileges. Using this vulnerability, an attacker could construct an object containing malicious JavaScript and cause the FeedWriter to process the object, running the malicious code with chrome privileges. Thunderbird does not support the BrowserFeedWriter object and is not vulnerable in its default configuration. Thunderbird might be vulnerable if the user has installed any add-on which adds a similarly implemented feature and then enables JavaScript in mail messages. This is not the default setting and we strongly discourage users from running JavaScript in mail.

Issues fixed in the 3.0.13 release were: MFSA 2009-44 / CVE-2009-2654:
Security researcher Juan Pablo Lopez Yacubian reported that an attacker could call window.open() on an invalid URL which looks similar to a legitimate URL and then use document.write() to place content within the new document, appearing to have come from the spoofed location. Additionally, if the spoofed document was created by a document with a valid SSL certificate, the SSL indicators would be carried over into the spoofed document. An attacker could use these issues to display misleading location and SSL information for a malicious web page.

MFSA 2009-45 / CVE-2009-2662:The browser engine in Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and unspecified other vectors.

CVE-2009-2663 / MFSA 2009-45: libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.

CVE-2009-2664 / MFSA 2009-45: The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a 'memory safety bug.

MozillaFirefox was updated to the 3.0.13 release, fixing some security issues and bugs :

  - Security researcher Juan Pablo Lopez Yacubian reported     that an attacker could call window.open() on an invalid     URL which looks similar to a legitimate URL and then use     document.write() to place content within the new     document, appearing to have come from the spoofed     location. Additionally, if the spoofed document was     created by a document with a valid SSL certificate, the     SSL indicators would be carried over into the spoofed     document. An attacker could use these issues to display     misleading location and SSL information for a malicious     web page. (MFSA 2009-44 / CVE-2009-2654)

  - The browser engine in Mozilla Firefox before 3.0.13, and     3.5.x before 3.5.2, allows remote attackers to cause a     denial of service (memory corruption and application     crash) or possibly execute arbitrary code via vectors     related to the TraceRecorder::snapshot function in     js/src/jstracer.cpp, and unspecified other vectors.
    (MFSA 2009-45 / CVE-2009-2662)

  - libvorbis before r16182, as used in Mozilla Firefox     before 3.0.13 and 3.5.x before 3.5.2 and other products,     allows context-dependent attackers to cause a denial of     service (memory corruption and application crash) or     possibly execute arbitrary code via a crafted .ogg file.
    (CVE-2009-2663 / MFSA 2009-45)

  - The js_watch_set function in js/src/jsdbgapi.cpp in the     JavaScript engine in Mozilla Firefox before 3.0.13, and     3.5.x before 3.5.2, allows remote attackers to cause a     denial of service (assertion failure and application     exit) or possibly execute arbitrary code via a crafted     .js file, related to a 'memory safety bug.'.
    (CVE-2009-2664 / MFSA 2009-45)

Mozilla Firefox was updated to the 3.0.13 release, fixing some security issues and bugs :

  - Security researcher Juan Pablo Lopez Yacubian reported     that an attacker could call window.open() on an invalid     URL which looks similar to a legitimate URL and then use     document.write() to place content within the new     document, appearing to have come from the spoofed     location. Additionally, if the spoofed document was     created by a document with a valid SSL certificate, the     SSL indicators would be carried over into the spoofed     document. An attacker could use these issues to display     misleading location and SSL information for a malicious     web page. (MFSA 2009-44 / CVE-2009-2654)

  - The browser engine in Mozilla Firefox before 3.0.13, and     3.5.x before 3.5.2, allows remote attackers to cause a     denial of service (memory corruption and application     crash) or possibly execute arbitrary code via vectors     related to the TraceRecorder::snapshot function in     js/src/jstracer.cpp, and unspecified other vectors.
    (MFSA 2009-45 / CVE-2009-2662)

  - libvorbis before r16182, as used in Mozilla Firefox     before 3.0.13 and 3.5.x before 3.5.2 and other products,     allows context-dependent attackers to cause a denial of     service (memory corruption and application crash) or     possibly execute arbitrary code via a crafted .ogg file.
    (CVE-2009-2663 / MFSA 2009-45)

  - The js_watch_set function in js/src/jsdbgapi.cpp in the     JavaScript engine in Mozilla Firefox before 3.0.13, and     3.5.x before 3.5.2, allows remote attackers to cause a     denial of service (assertion failure and application     exit) or possibly execute arbitrary code via a crafted     .js file, related to a 'memory safety bug.'.
    (CVE-2009-2664 / MFSA 2009-45)

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR).

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075)

A use-after-free flaw was found in Firefox. An attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3077)

A flaw was found in the way Firefox handles malformed JavaScript. A website with an object containing malicious JavaScript could execute that JavaScript with the privileges of the user running Firefox.
(CVE-2009-3079)

Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3076)

A flaw was found in the way Firefox displays the address bar when window.open() is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-2654)

A flaw was found in the way Firefox displays certain Unicode characters. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-3078)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.14. You can find a link to the Mozilla advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.14, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

MozillaFirefox was updated to the 3.0.13 release, fixing some security issues and bugs :

MFSA 2009-44 / CVE-2009-2654: Security researcher Juan Pablo Lopez Yacubian reported that an attacker could call window.open() on an invalid URL which looks similar to a legitimate URL and then use document.write() to place content within the new document, appearing to have come from the spoofed location. Additionally, if the spoofed document was created by a document with a valid SSL certificate, the SSL indicators would be carried over into the spoofed document. An attacker could use these issues to display misleading location and SSL information for a malicious web page.

MFSA 2009-45 / CVE-2009-2662:The browser engine in Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and unspecified other vectors.

CVE-2009-2663 / MFSA 2009-45: libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.

CVE-2009-2664 / MFSA 2009-45: The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a 'memory safety bug.'

Update to new upstream Firefox version 3.0.13, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#f irefox3.0.13 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note: Issues described in MFSA 2009-42 and MFSA 2009-43 were previously addressed via rebase of the NSS packages.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to new upstream Firefox version 3.5.2, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.2 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The installed version of Firefox is earlier than 3.0.13/3.5.2. Such versions are reportedly affected by multiple memory corruption vulnerabilities. An attacker could exploit one of these issues to corrupt memory on the affected host and potentially run arbitrary code in the context of the user running the affected application.

The installed version of Firefox 3.5 is earlier than 3.5.2.  Such versions are potentially affected by the following security issues :

  - A SOCKS5 proxy that replies with a hostname containing     more than 15 characters can corrupt the subsequent     data stream.  This can lead to a denial of service,     though there is reportedly no memory corruption.
    (MFSA 2009-38)

  - The location bar and SSL indicators can be spoofed     by calling window.open() on an invalid URL. A remote     attacker could use this to perform a phishing attack.
    (MFSA 2009-44)

  - Unspecified JavaScript-related vulnerabilities can lead     to memory corruption, and possibly arbitrary execution     of code. (MFSA 2009-45, MFSA 2009-47)

  - If an add-on has a 'Link:' HTTP header when it is installed,     the window's global object receives an incorrect security     wrapper, which could lead to arbitrary JavaScript being     executed with chrome privileges. (MFSA 2009-46)

The installed version of Firefox is earlier than 3.0.13.  Such versions are potentially affected by the following security issues :

  - The browser can be fooled into trusting a malicious SSL     server certificate with a null character in the host name.
    (MFSA 2009-42)

  - A heap overflow in the code that handles regular     expressions in certificate names can lead to     arbitrary code execution. (MFSA 2009-43)

  - The location bar and SSL indicators can be spoofed     by calling window.open() on an invalid URL. A remote     attacker could use this to perform a phishing attack.
    (MFSA 2009-44)

  - Unspecified JavaScript-related vulnerabilities can lead     to memory corruption, and possibly arbitrary execution     of code. (MFSA 2009-45)

ID	Name	Product	Family	Severity
67922	Oracle Linux 4 / 5 : firefox (ELSA-2009-1430)	Nessus	Oracle Linux Local Security Checks	critical
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
41984	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6495)	Nessus	SuSE Local Security Checks	critical
41468	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6433)	Nessus	SuSE Local Security Checks	critical
41358	SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1200)	Nessus	SuSE Local Security Checks	critical
40932	CentOS 4 / 5 : firefox / seamonkey (CESA-2009:1430)	Nessus	CentOS Local Security Checks	critical
40921	RHEL 4 / 5 : firefox (RHSA-2009:1430)	Nessus	Red Hat Local Security Checks	critical
40648	openSUSE Security Update : MozillaFirefox (MozillaFirefox-1202)	Nessus	SuSE Local Security Checks	critical
40641	openSUSE Security Update : MozillaFirefox (MozillaFirefox-1202)	Nessus	SuSE Local Security Checks	critical
40484	Fedora 10 : Miro-2.0.5-3.fc10 / blam-1.8.5-13.fc10 / epiphany-2.24.3-9.fc10 / etc (2009-8288)	Nessus	Fedora Local Security Checks	critical
40483	Fedora 11 : kazehakase-0.5.6-11.svn3771_trunk.fc11.4 / Miro-2.0.5-3.fc11 / blam-1.8.5-13.fc11 / etc (2009-8279)	Nessus	Fedora Local Security Checks	critical
801358	Mozilla Firefox < 3.0.13/3.5.2 Proxy Response DoS	Log Correlation Engine	Web Clients	high
40479	Firefox 3.5.x < 3.5.2 Multiple Vulnerabilities	Nessus	Windows	high
40478	Firefox < 3.0.13 Multiple Vulnerabilities	Nessus	Windows	high
5115	Mozilla Firefox < 3.0.13/3.5.2 Proxy Response DoS	Nessus Network Monitor	Web Clients	medium

CVE-2009-2662

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins