GLSA-200505-11 : Mozilla Suite, Mozilla Firefox: Remote compromise

medium Nessus Plugin ID 18270

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200505-11 (Mozilla Suite, Mozilla Firefox: Remote compromise).

The Mozilla Suite and Firefox do not properly protect 'IFRAME' JavaScript URLs from being executed in the context of another URL in the history list (CAN-2005-1476). The Mozilla Suite and Firefox also fail to verify the 'IconURL' parameter of the 'InstallTrigger.install()' function (CAN-2005-1477). Michael Krax and Georgi Guninski discovered that it is possible to bypass JavaScript-injection security checks by wrapping the javascript: URL within the view-source: or jar: pseudo-protocols (MFSA2005-43).

Impact :

A malicious remote attacker could use the 'IFRAME' issue to execute arbitrary JavaScript code within the context of another website, allowing the attacker to steal cookies or other sensitive data. By supplying a javascript: URL as the 'IconURL' parameter of the 'InstallTrigger.install()' function, a remote attacker could also execute arbitrary JavaScript code. Combining both vulnerabilities with a website which is allowed to install software, or wrapping javascript: URLs within the view-source: or jar: pseudo-protocols, could possibly lead to the execution of arbitrary code with user privileges.

Workaround :

Affected systems can be protected by disabling JavaScript.
However, we encourage Mozilla Suite or Mozilla Firefox users to upgrade to the latest available version.
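
The wrapping bypass described above comes down to a check that inspects only the outermost URL scheme. The following is an added example, not code from Mozilla, Gentoo or the plugin: it contrasts such a check with one that unwraps the view-source: and jar: pseudo-protocols named in the advisory before deciding. The function names, MAX_DEPTH and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example, not Mozilla's code. Scheme names come from the advisory text;
// MAX_DEPTH and the function names are assumptions made for this sketch.
const WRAPPERS = new Set(["view-source", "jar"]);
const BLOCKED = new Set(["javascript"]);
const MAX_DEPTH = 8;

// Split "scheme:rest". Leading control characters/spaces and embedded
// tab/CR/LF are dropped first, as URL parsers do before reading the scheme.
function splitScheme(url) {
  const cleaned = String(url).replace(/^[\u0000-\u0020]+/, "").replace(/[\t\r\n]/g, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return m ? { scheme: m[1].toLowerCase(), rest: cleaned.slice(m[0].length) } : null;
}

// Schemes from outermost to innermost, following wrapper pseudo-protocols.
function schemeChain(url) {
  const chain = [];
  let current = url;
  for (let depth = 0; depth < MAX_DEPTH; depth++) {
    const parts = splitScheme(current);
    if (!parts) return chain;
    chain.push(parts.scheme);
    if (!WRAPPERS.has(parts.scheme)) return chain;
    current = parts.rest;
    if (parts.scheme === "jar") {
      // jar:<inner-url>!/<entry>: only the part before "!/" is the inner URL
      const bang = current.indexOf("!/");
      if (bang >= 0) current = current.slice(0, bang);
    }
  }
  chain.push("(too-deep)"); // nesting beyond MAX_DEPTH is treated as hostile
  return chain;
}

// Weak check: looks at the outermost scheme only.
function naiveAllows(url) {
  return !String(url).toLowerCase().startsWith("javascript:");
}

// Hardened check: reject if any layer is blocked or nesting is too deep.
function hardenedAllows(url) {
  const chain = schemeChain(url);
  return !chain.some((s) => BLOCKED.has(s) || s === "(too-deep)");
}
```

With the constructed input view-source:javascript:void(0), naiveAllows returns true while hardenedAllows returns false.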

Solution

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-1.0.4'

All Mozilla Firefox binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-1.0.4'

All Mozilla Suite users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-1.7.8'

All Mozilla Suite binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-bin-1.7.8'

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2005-43/

https://security.gentoo.org/glsa/200505-11

Plugin Details

Severity: Medium

ID: 18270

File Name: gentoo_GLSA-200505-11.nasl

Version: 1.20

Type: local

Published: 5/17/2005

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:mozilla, p-cpe:/a:gentoo:linux:mozilla-bin, p-cpe:/a:gentoo:linux:mozilla-firefox, p-cpe:/a:gentoo:linux:mozilla-firefox-bin, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/15/2005

Reference Information

CVE: CVE-2005-1476, CVE-2005-1477

GLSA: 200505-11