GLSA-200505-11 : Mozilla Suite, Mozilla Firefox: Remote compromise

Medium Nessus Plugin ID 18270

VPR Score: 6.7

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200505-11 (Mozilla Suite, Mozilla Firefox: Remote compromise)

The Mozilla Suite and Firefox do not properly protect 'IFRAME' JavaScript URLs from being executed in the context of another URL in the history list (CAN-2005-1476). The Mozilla Suite and Firefox also fail to verify the 'IconURL' parameter of the 'InstallTrigger.install()' function (CAN-2005-1477). Michael Krax and Georgi Guninski discovered that it is possible to bypass JavaScript-injection security checks by wrapping the javascript: URL within the view-source: or jar: pseudo-protocols (MFSA2005-43).

Impact:

A malicious remote attacker could use the 'IFRAME' issue to execute arbitrary JavaScript code within the context of another website, allowing the theft of cookies or other sensitive data. By supplying a javascript: URL as the 'IconURL' parameter of the 'InstallTrigger.install()' function, a remote attacker could also execute arbitrary JavaScript code. Combining both vulnerabilities with a website which is allowed to install software, or wrapping javascript: URLs within the view-source: or jar: pseudo-protocols, could possibly lead to the execution of arbitrary code with user privileges.

Workaround:

Affected systems can be protected by disabling JavaScript.
However, we encourage Mozilla Suite or Mozilla Firefox users to upgrade to the latest available version.

Solution

All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-1.0.4'

All Mozilla Firefox binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-1.0.4'

All Mozilla Suite users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-1.7.8'

All Mozilla Suite binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-bin-1.7.8'

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2005-43/

https://security.gentoo.org/glsa/200505-11

Plugin Details

Severity: Medium

ID: 18270

File Name: gentoo_GLSA-200505-11.nasl

Version: 1.19

Type: local

Published: 2005/05/17

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 6.7

CVSS v2.0

Base Score: 5.1

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:mozilla, p-cpe:/a:gentoo:linux:mozilla-bin, p-cpe:/a:gentoo:linux:mozilla-firefox, p-cpe:/a:gentoo:linux:mozilla-firefox-bin, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2005/05/15

Reference Information

CVE: CVE-2005-1476, CVE-2005-1477

GLSA: 200505-11