FreeBSD : mozilla -- privilege escalation via DOM property overrides (f650d5b8-ae62-11d9-a788-0001020eed82)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A Mozilla Foundation Security Advisory reports :

moz_bug_r_a4 reported several exploits giving an attacker the ability
to install malicious code or steal data, requiring only that the user
do commonplace actions like click on a link or open the context menu.
The common cause in each case was privileged UI code ('chrome') being
overly trusting of DOM nodes from the content window. Scripts in the
web page can override properties and methods of DOM nodes and shadow
the native values, unless steps are taken to get the true underlying
values.

We found that most extensions also interacted with content DOM in a
natural, but unsafe, manner. Changes were made so that chrome code
using this natural DOM coding style will now automatically use the
native DOM value if it exists without having to use cumbersome wrapper
objects.

Most of the specific exploits involved tricking the privileged code
into calling eval() on an attacker-supplied script string, or the
equivalent using the Script() object. Checks were added in the
security manager to make sure eval and Script objects are run with the
privileges of the context that created them, not the potentially
elevated privileges of the context calling them.

Workaround: Disable JavaScript

See also :

http://www.mozilla.org/security/announce/mfsa2005-41.html
http://www.nessus.org/u?325434e5

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19171 (freebsd_pkg_f650d5b8ae6211d9a7880001020eed82.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now