Mozilla/Firefox Vulnerabilities Alert
Joined: 30 Jul 03 | Posts: 7512 | Credit: 2,021,148 | RAC: 0
National Cyber Alert System
Cyber Security Alert SA06-107A
Mozilla Products Contain Multiple Vulnerabilities

Original release date: April 17, 2006
Last revised: --
Source: US-CERT

Systems Affected

* Mozilla web browser
* Mozilla email application
* Firefox web browser
* Thunderbird email application
* Mozilla Suite

Overview

By taking advantage of one or more vulnerabilities in Mozilla products, an attacker may be able to take control of your computer.

Solution

Upgrade to the latest versions of Firefox and Thunderbird. Mozilla has released an updated version of Firefox to correct these problems. Mozilla has released an updated version of the Thunderbird email program to correct these problems.

Description

There are vulnerabilities in various features of the Mozilla web browser, Mozilla email application, Firefox web browser, and Thunderbird email application. Some of the vulnerabilities involve the way these applications handle URLs or images. For instance, an attacker could cause an application to crash or could take control of your computer by convincing you to view a malicious web site or email message. For more technical information, see US-CERT Technical Alert TA06-107A.

References

* Mozilla Foundation Security Advisories - http://www.mozilla.org/security/announce/
* US-CERT Technical Cyber Security Alert TA06-107A - http://www.us-cert.gov/cas/techalerts/TA06-107A.html
* US-CERT Vulnerability Notes Related to April Mozilla Security Advisories - http://www.kb.cert.org/vuls/byid?searchview&query=mozilla_April_2006
* US-CERT Vulnerability Note VU#932734 - http://www.kb.cert.org/vuls/id/932734
* US-CERT Vulnerability Note VU#968814 - http://www.kb.cert.org/vuls/id/968814
* US-CERT Vulnerability Note VU#179014 - http://www.kb.cert.org/vuls/id/179014
* US-CERT Vulnerability Note VU#488774 - http://www.kb.cert.org/vuls/id/488774
* US-CERT Vulnerability Note VU#842094 - http://www.kb.cert.org/vuls/id/842094
* US-CERT Vulnerability Note VU#813230 - http://www.kb.cert.org/vuls/id/813230
* US-CERT Vulnerability Note VU#736934 - http://www.kb.cert.org/vuls/id/736934
* US-CERT Vulnerability Note VU#935556 - http://www.kb.cert.org/vuls/id/935556
* US-CERT Vulnerability Note VU#350262 - http://www.kb.cert.org/vuls/id/350262
* US-CERT Vulnerability Note VU#252324 - http://www.kb.cert.org/vuls/id/252324
* US-CERT Vulnerability Note VU#329500 - http://www.kb.cert.org/vuls/id/329500
* Firefox - Rediscover the Web - http://www.mozilla.com/firefox/
* Thunderbird - Reclaim your inbox - http://www.mozilla.com/thunderbird/
* Mozilla Suite - The All-in-One Internet Application Suite - http://www.mozilla.org/products/mozilla1.x/
* Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/browser_security.html#Mozilla_Firefox/

The most recent version of this document can be found at: http://www.us-cert.gov/cas/alerts/SA06-107A.html

Feedback can be directed to US-CERT. Please send email to cert@cert.org with "SA06-107A Feedback VU#968814" in the subject.

Mailing list information: http://www.us-cert.gov/cas/

Produced 2006 by US-CERT, a government organization. Terms of use: http://www.us-cert.gov/legal.html

Account frozen...
Joined: 21 Jun 01 | Posts: 21804 | Credit: 2,815,091 | RAC: 0
There was a critical update that FF automatically installed this weekend. I wonder if this was it.
Joined: 30 Jul 03 | Posts: 7512 | Credit: 2,021,148 | RAC: 0
It was just a matter of time, and I'm sure that many more will be found... now that FireFox is becoming popular... the bottom line is that nothing is or will be secure on the net. The hackers, crackers, script kiddies, and the Russian mafia will see to that.

Account frozen...
Joined: 30 Jul 03 | Posts: 7512 | Credit: 2,021,148 | RAC: 0
Just this year alone.

Mozilla Foundation Security Advisories

This page indexes security advisories issued by the Mozilla Foundation for all products. Please see the Known Vulnerabilities page for a breakdown by product and version.

Impact key:

* Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
* High: Vulnerability can be used to gather sensitive data from other sites the user is visiting or inject data or code into those sites, requiring no more than normal browsing actions.
* Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
* Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)

April 13, 2006

* MFSA 2006-29 Spoofing with translucent windows
* MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
* MFSA 2006-26 Mail Multiple Information Disclosure
* MFSA 2006-25 Privilege escalation through Print Preview
* MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
* MFSA 2006-23 File stealing by changing input type
* MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
* MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)
* MFSA 2006-19 Cross-site scripting using .valueOf.call()
* MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
* MFSA 2006-17 Cross-site scripting through window.controllers
* MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
* MFSA 2006-15 Privilege escalation using a JavaScript function's cloned parent
* MFSA 2006-14 Privilege escalation via XBL.method.eval
* MFSA 2006-13 Downloading executables with "Save Image As..."
* MFSA 2006-12 Secure-site spoof (requires security warning dialog)
* MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
* MFSA 2006-10 JavaScript garbage-collection hazard audit
* MFSA 2006-09 Cross-site JavaScript injection using event handlers

February 1, 2006

* MFSA 2006-08 "AnyName" entrainment and access control hazard
* MFSA 2006-07 Read beyond buffer while parsing XML
* MFSA 2006-06 Integer overflows in E4X, SVG and Canvas
* MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
* MFSA 2006-04 Memory corruption via QueryInterface on Location, Navigator objects
* MFSA 2006-03 Long document title causes startup denial of service
* MFSA 2006-02 Changing position:relative to static corrupts memory
* MFSA 2006-01 JavaScript garbage-collection hazards

September 22, 2005

* MFSA 2005-59 Command-line handling on Linux allows shell execution
* MFSA 2005-58 Firefox 1.0.7 / Mozilla Suite 1.7.12 Vulnerability Fixes
* MFSA 2005-57 IDN heap overrun using soft-hyphens

July 12, 2005

* MFSA 2005-56 Code execution through shared function objects
* MFSA 2005-55 XHTML node spoofing
* MFSA 2005-54 Javascript prompt origin spoofing
* MFSA 2005-53 Standalone applications can run arbitrary code through the browser
* MFSA 2005-52 Same origin violation: frame calling top.focus()
* MFSA 2005-51 The return of frame-injection spoofing
* MFSA 2005-50 Exploitable crash in InstallVersion.compareTo()
* MFSA 2005-49 Script injection from Firefox sidebar panel using data:
* MFSA 2005-48 Same-origin violation with InstallTrigger callback
* MFSA 2005-47 Code execution via "Set as Wallpaper"
* MFSA 2005-46 XBL scripts ran even when Javascript disabled
* MFSA 2005-45 Content-generated event vulnerabilities

May 11, 2005

* MFSA 2005-44 Privilege escalation via non-DOM property overrides
* MFSA 2005-43 "Wrapped" javascript: urls bypass security checks

May 8, 2005

* MFSA 2005-42 Code execution via javascript: IconURL

April 15, 2005

* MFSA 2005-41 Privilege escalation via DOM property overrides
* MFSA 2005-40 Missing Install object instance checks
* MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II
* MFSA 2005-38 Search plugin cross-site scripting
* MFSA 2005-37 Code execution through javascript: favicons
* MFSA 2005-36 Cross-site scripting through global scope pollution
* MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
* MFSA 2005-34 javascript: PLUGINSPAGE code execution
* MFSA 2005-33 Javascript "lambda" replace exposes memory contents

March 22, 2005

* MFSA 2005-32 Drag and drop loading of privileged XUL
* MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel
* MFSA 2005-30 GIF heap overflow parsing Netscape extension 2

February 24, 2005

* MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
* MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
* MFSA 2005-27 Plugins can be used to load privileged content
* MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
* MFSA 2005-25 Image drag and drop executable spoofing
* MFSA 2005-24 HTTP auth prompt tab spoofing
* MFSA 2005-23 Download dialog source spoofing
* MFSA 2005-22 Download dialog spoofing using Content-Disposition header
* MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
* MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
* MFSA 2005-19 Autocomplete data leak
* MFSA 2005-18 Memory overwrite in string library
* MFSA 2005-17 Install source spoofing with user:pass@host
* MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
* MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
* MFSA 2005-14 SSL "secure site" indicator spoofing
* MFSA 2005-13 Window Injection Spoofing

January 21, 2005

* MFSA 2005-12 javascript: Livefeed bookmarks can steal private data
* MFSA 2005-11 Mail client responds to cookie requests
* MFSA 2005-10 javascript: links launch Internet Explorer
* MFSA 2005-09 Browser responds to proxy auth request from non-proxy ssl server
* MFSA 2005-08 Synthetic middle-click event can steal clipboard contents
* MFSA 2005-07 Script-generated event can download content without prompting
* MFSA 2005-06 Heap overrun handling malicious news: URL
* MFSA 2005-05 Input stealing from other tabs
* MFSA 2005-04 Secure site lock can be spoofed using view-source:
* MFSA 2005-03 Secure site lock can be spoofed by a binary download
* MFSA 2005-02 Opened attachments are temporarily saved world-readable
* MFSA 2005-01 Link opened in new tab can load local file

And you thought only Microsoft IE was bad?!

Account frozen...
Heffed | Joined: 19 Mar 02 | Posts: 1856 | Credit: 40,736 | RAC: 0
> And you thought only Microsoft IE was bad?!

Yes, I do... M$ just isn't up front about all their issues. I think it's a very rare security update that doesn't have something for IE in it...
Joined: 30 Jul 03 | Posts: 7512 | Credit: 2,021,148 | RAC: 0
> And you thought only Microsoft IE was bad?!

You missed the point of my message... i.e., they ALL have security issues. So who's to say which one is better than the other; that's all.

Account frozen...
Joined: 22 Nov 01 | Posts: 1904 | Credit: 2,646,654 | RAC: 0
I wonder how Opera stacks up?

Live long and crunch.
Heffed | Joined: 19 Mar 02 | Posts: 1856 | Credit: 40,736 | RAC: 0
> You missed the point of my message... i.e., they ALL have security issues. So who's to say which one is better than the other; that's all.

True, but given the fact that IE is tied in so closely with the OS, its security issues seem more worrisome to me. Justified or not, that's how I see it. ;)
Joined: 15 May 99 | Posts: 875 | Credit: 4,386,984 | RAC: 0
> And you thought only Microsoft IE was bad?!

I know a couple of guys who'll twist such a statement so it looks like you say MS products have no security issues at all - and then call you blind to reality...
Joined: 2 Feb 04 | Posts: 14925 | Credit: 1,378,607 | RAC: 6
> And you thought only Microsoft IE was bad?!

There are reports of security vulnerabilities on a variety of different software products from a variety of different sources... Microsoft gets most of the heat about this because they produce the most popular operating system... But there are plenty of problems to go around... And more updates and patches to apply... On and on... And so it goes.

PROUD TO BE TFFE!
Joined: 30 Jul 03 | Posts: 7512 | Credit: 2,021,148 | RAC: 0
> And you thought only Microsoft IE was bad?!

I don't think so, MS is full of holes, like the rest... probably Safari is the most secure because they have the least number of users.

Account frozen...
N/A | Joined: 18 May 01 | Posts: 3718 | Credit: 93,649 | RAC: 0
> probably Safari is the most secure because they have the least number of users.

Camino and Safari are relatively secure because no one would go through the process of targeting OS X when there's far more mayhem possible on the Windows side of the Internet divide. The most secure of all are lynx and links, which of course don't do much by today's standards.
©2025 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.