Ubuntu 5.04 : mozilla-firefox vulnerabilities (USN-134-1)
High Nessus Plugin ID 20525
Synopsis
The remote Ubuntu host is missing one or more security-related patches.
Description
It was discovered that a malicious website could inject arbitrary scripts into a target site by loading it into a frame and navigating back to a previous JavaScript URL that contained an eval() call. This could be used to steal cookies or other confidential data from the target site. If the target site is allowed to raise the install confirmation dialog in Firefox then this flaw even allowed the malicious site to execute arbitrary code with the privileges of the Firefox user. By default only the Mozilla Update site is allowed to attempt software installation; however, users can permit this for additional sites. (MFSA 2005-42)
Michael Krax, Georgi Guninski, and L. David Baron found that the security checks that prevent script injection could be bypassed by wrapping a javascript: url in another pseudo-protocol like 'view-source:' or 'jar:'. (CAN-2005-1531)
A variant of the attack described in CAN-2005-1160 (see USN-124-1) was discovered. Additional checks were added to make sure JavaScript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them. (CAN-2005-1532)
Note: These flaws also apply to Ubuntu 5.04's Mozilla, and to the Ubuntu 4.10 versions of Firefox and Mozilla. These will be fixed soon.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected packages.