Ubuntu 5.04 : mozilla-firefox vulnerabilities (USN-134-1)

High Nessus Plugin ID 20525

Synopsis

The remote Ubuntu host is missing one or more security-related patches.

Description

It was discovered that a malicious website could inject arbitrary scripts into a target site by loading it into a frame and navigating back to a previous JavaScript URL that contained an eval() call. This could be used to steal cookies or other confidential data from the target site. If the target site is allowed to raise the install confirmation dialog in Firefox then this flaw even allowed the malicious site to execute arbitrary code with the privileges of the Firefox user. By default only the Mozilla Update site is allowed to attempt software installation; however, users can permit this for additional sites. (MFSA 2005-42)

Michael Krax, Georgi Guninski, and L. David Baron found that the security checks that prevent script injection could be bypassed by wrapping a javascript: url in another pseudo-protocol like 'view-source:' or 'jar:'. (CAN-2005-1531)

A variant of the attack described in CAN-2005-1160 (see USN-124-1) was discovered. Additional checks were added to make sure JavaScript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them. (CAN-2005-1532)

Note: These flaws also apply to Ubuntu 5.04's Mozilla, and to the Ubuntu 4.10 versions of Firefox and Mozilla. These will be fixed soon.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 20525

File Name: ubuntu_USN-134-1.nasl

Version: 1.15

Type: local

Agent: unix

Published: 2006/01/15

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox, p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev, p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector, p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support, cpe:/o:canonical:ubuntu_linux:5.04

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Patch Publication Date: 2005/05/26

Reference Information

CVE: CVE-2005-1160, CVE-2005-1531, CVE-2005-1532

USN: 134-1