You are here

Home Ā» U-093: Mozilla Firefox Multiple Flaws Permit Remote Code Execution, Information Disclosure, and Cross-Site Scripting Attacks

U-093: Mozilla Firefox Multiple Flaws Permit Remote Code Execution, Information Disclosure, and Cross-Site Scripting Attacks

February 1, 2012 - 5:51am

Addthis

PROBLEM:

Multiple vulnerabilities were reported in Mozilla Firefox.

PLATFORM:

Linux (Any), UNIX (Any), Windows (Any) Version(s): prior to 3.2.26; prior to 10.0

ABSTRACT:

Mozilla Firefox Multiple Flaws Permit Remote Code Execution, Information Disclosure, and Cross-Site Scripting.

referenceĀ  LINKS:

SecurityTracker Alert ID: 1026605
CVE-2011-3659, CVE-2012-0442
CVE-2012-0443, CVE-2012-0444
CVE-2012-0445, CVE-2012-0446
CVE-2012-0447, CVE-2012-0449
CVE-2012-0450
Vendor Site

IMPACT ASSESSMENT:

Medium

Discussion:

Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks. A remote user can obtain cross-domain information. A local user can obtain potentially sensitive information.

A remote user can create a specially crafted content that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target user's system [CVE-2012-0442, CVE-2012-0443]. The code will run with the privileges of the target user.

In certain situations, a removed child node of nsDOMAttribute can be accessed [CVE-2011-3659].

Frame scripts can bypass XPConnect security checks when calling untrusted objects, allowing a remote user to conduct cross-site scripting attacks via web pages and Firefox extensions [CVE-2012-0446].

The 'image/vnd.microsoft.icon' output may include uninitialized memory [CVE-2012-0447]. A remote user may be able to access potentially sensitive data, such as when a PNG image is converted from an ICO format. Version 3.6 is not affected.

A remote user can create a specially crafted Ogg Vorbis file that, when loaded by the target user, will trigger a memory corruption error and potentially execute arbitrary code on the target user's system [CVE-2012-0444].

A remote user can create a specially crafted embedded XSLT stylesheet that, when loaded by the target user, will trigger a memory corruption error and potentially execute arbitrary code on the target user's system [CVE-2012-0449].

A remote user can bypass HTML5 frame navigation controls, replacing a sub-frame in a target domain's document by using the name attribute of the sub-frame as a form submission target [CVE-2012-0445]. Version 3.6 is not affected.

When a user exports their Firefox Sync key, the "Firefox Recovery Key.html" file is created with unsafe permissions [CVE-2012-0450]. A local user on Linux/UNIX-based systems may be able to read the file. Version 3.6 is not affected.

Impact:

Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network

Solution:

The vendor has issued a fix (3.6.26, 10.0).

Addthis