----------------------------------------------------------------------

Bist Du interessiert an einem neuen Job in IT-Sicherheit?


Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
Firefox Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA16911

VERIFY ADVISORY:
http://secunia.com/advisories/16911/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Spoofing, Manipulation of data, System access

WHERE:
>From remote

SOFTWARE:
Mozilla Firefox 0.x
http://secunia.com/product/3256/
Mozilla Firefox 1.x
http://secunia.com/product/4227/

DESCRIPTION:
Multiple vulnerabilities have been reported in Firefox, which can be
exploited by malicious people to conduct spoofing attacks, manipulate
certain data, bypass certain security restrictions, and compromise a
user's system.

1) A boundary error in the processing of XBM images can be exploited
to cause a heap based buffer overflow via a specially crafted image.

Successful exploitation allows execution of arbitrary code.

2) An error in the processing of Unicode sequences with "zero-width
non-joiner" characters can be exploited to corrupt the stack and
cause a crash.

Successful exploitation may allow execution of arbitrary code.

3) An input validation error in the processing of headers passed to
the  "XMLHttpRequest" object can be exploited to inject arbitrary
HTTP requests.

4) An unspecified error where a XBL control which implements an
internal interface can spoof DOM objects.

This is similar to vulnerability #8 in:
SA16043

5) An unspecified integer overflow error in the JavaScript engine can
be exploited to execute arbitrary code.

6) The problem is that unprivileged "about:" pages can load
privileged "chrome:" pages in certain situations.

This does not pose any security risk by it self, but can be exploited
in combination with other cross-site scripting vulnerabilities to
execute arbitrary code.

7) An error in the creation of windows can be exploited to open a new
window without the address bar and status bar via a reference to a
closed window.

Successful exploitation allows bypass of certain security mechanisms
designed to protect against phishing attacks.

The vulnerabilities have been reported in version 1.0.6. Prior
versions may also be affected.

SOLUTION:
Update to version 1.0.7.
http://www.mozilla.org/products/firefox/

PROVIDED AND/OR DISCOVERED BY:
1) jackerror
2) Mats Palmgren
3) Tim Altman and Yutaka Oiwa
4) moz_bug_r_a4
5) Georgi Guninski
6) heatsync and shutdown
7) moz_bug_r_a4

ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/mfsa2005-58.html

OTHER REFERENCES:
SA16043:
http://secunia.com/advisories/16043/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------