Detections
Analytics

FreeBSD : mozilla -- privilege escalation via DOM property overrides (f650d5b8-ae62-11d9-a788-0001020eed82)

high Nessus Plugin ID 19171

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

A Mozilla Foundation Security Advisory reports :

moz_bug_r_a4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu.
The common cause in each case was privileged UI code ('chrome') being overly trusting of DOM nodes from the content window. Scripts in the web page can override properties and methods of DOM nodes and shadow the native values, unless steps are taken to get the true underlying values.

We found that most extensions also interacted with content DOM in a natural, but unsafe, manner. Changes were made so that chrome code using this natural DOM coding style will now automatically use the native DOM value if it exists without having to use cumbersome wrapper objects.

Most of the specific exploits involved tricking the privileged code into calling eval() on an attacker-supplied script string, or the equivalent using the Script() object. Checks were added in the security manager to make sure eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privileges of the context calling them.

Workaround: Disable JavaScript

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2005-41/

http://www.nessus.org/u?b8c8fce6

Plugin Details

Severity: High

ID: 19171

File Name: freebsd_pkg_f650d5b8ae6211d9a7880001020eed82.nasl

Version: 1.16

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:de-linux-mozillafirebird, p-cpe:/a:freebsd:freebsd:de-linux-netscape, p-cpe:/a:freebsd:freebsd:de-netscape7, p-cpe:/a:freebsd:freebsd:el-linux-mozillafirebird, p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:fr-linux-netscape, p-cpe:/a:freebsd:freebsd:fr-netscape7, p-cpe:/a:freebsd:freebsd:ja-linux-mozillafirebird-gtk1, p-cpe:/a:freebsd:freebsd:ja-linux-netscape, p-cpe:/a:freebsd:freebsd:ja-mozillafirebird-gtk2, p-cpe:/a:freebsd:freebsd:ja-netscape7, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-mozilla, p-cpe:/a:freebsd:freebsd:linux-mozilla-devel, p-cpe:/a:freebsd:freebsd:linux-mozillafirebird, p-cpe:/a:freebsd:freebsd:linux-netscape, p-cpe:/a:freebsd:freebsd:linux-phoenix, p-cpe:/a:freebsd:freebsd:mozilla, p-cpe:/a:freebsd:freebsd:mozilla%2bipv6, p-cpe:/a:freebsd:freebsd:mozilla-embedded, p-cpe:/a:freebsd:freebsd:mozilla-firebird, p-cpe:/a:freebsd:freebsd:mozilla-gtk, p-cpe:/a:freebsd:freebsd:mozilla-gtk1, p-cpe:/a:freebsd:freebsd:mozilla-gtk2, p-cpe:/a:freebsd:freebsd:mozilla-thunderbird, p-cpe:/a:freebsd:freebsd:netscape7, p-cpe:/a:freebsd:freebsd:phoenix, p-cpe:/a:freebsd:freebsd:pt_br-netscape7, p-cpe:/a:freebsd:freebsd:ru-linux-mozillafirebird, p-cpe:/a:freebsd:freebsd:zhcn-linux-mozillafirebird, p-cpe:/a:freebsd:freebsd:zhtw-linux-mozillafirebird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/16/2005

Vulnerability Publication Date: 4/15/2005