Mozilla Firefox URI Launching and XUL Error Page Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 17 Jul 2008 5014 Views

RISK: Medium Risk

Medium Risk

Multiple vulnerabilities have been identified in Firefox, which can be exploited by malicious people to bypass certain security restrictions, potentially conduct spoofing attacks, or compromise a user's system.

1. A vulnerability can be exploited to launch e.g. "file" or "chrome:" URIs in Firefox.

2. Input passed to XUL based error pages is not properly sanitised before being returned to a user and can be exploited to e.g. conduct spoofing attacks.

In combination with vulnerability #1 this can be exploited to inject arbitrary script code and execute arbitrary code in "chrome" context, but requires that a specially crafted URI is passed to Firefox and that Firefox is not running.

Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Spoofing

System / Technologies affected

  • Mozilla Firefox 3.x
  • Mozilla Firefox 2.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Apple iPhone / iPod touch Multiple Vulnerabilities

15 Jul 2008 4984 Views

Next

HP Oracle for OpenView Multiple Vulnerabilities

17 Jul 2008 5641 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY