Related information

  Multiple Mozilla / Firefox / Thunderbird / Netscape / Seamonkey security vulnerabilities

  [SA20394] SeaMonkey VCard Double-Free and "addSelectionListener" Vulnerabilities

  [SA20382] Thunderbird Multiple Vulnerabilities

  [SA20376] Firefox Multiple Vulnerabilities

From: CERT <cert_(at)_cert.gov>
Date: 03.06.2006
Subject: US-CERT Technical Cyber Security Alert TA06-153A -- Mozilla Products Contain Multiple Vulnerabilities




                       National Cyber Alert System

               Technical Cyber Security Alert TA06-153A


Mozilla Products Contain Multiple Vulnerabilities

  Original release date: June 2, 2006
  Last revised: --
  Source: US-CERT


Systems Affected

    * Mozilla SeaMonkey
    * Firefox web browser
    * Thunderbird email client

  Any products based on Mozilla components, particularly Gecko, may also
  be affected.


Overview

  The Mozilla web browser and derived products contain several
  vulnerabilities, the most serious of which could allow a remote
  attacker to execute arbitrary code on an affected system.


I. Description

  Several vulnerabilities have been reported in the Mozilla web browser
  and derived products. More detailed information is available in the
  individual vulnerability notes, including:


  VU#237257 - Mozilla privilege escalation using addSelectionListener

  A privilege escalation vulnerability exists in the Mozilla
  addSelectionListener method. This may allow a remote attacker to
  execute arbitrary code.


  VU#421529 - Mozilla contains a buffer overflow vulnerability in
  crypto.signText()

  Mozilla products contain a buffer overflow in the crypto.signText()
  method. This may allow a remote attacker to execute arbitrary code.


  VU#575969 - Mozilla may process content-defined setters on object
  prototypes with elevated privileges

  Mozilla allows content-defined setters on object prototypes to execute
  with elevated privileges. This may allow a remote attacker to execute
  arbitrary code.


  VU#243153 - Mozilla may associate persisted XUL attributes with an
  incorrect URL

  Mozilla can allow persisted XUL attributes to associate with the wrong
  URL. This may allow a remote attacker to execute arbitrary code.


  VU#466673 - Mozilla contains multiple memory corruption
  vulnerabilities

  Mozilla contains several memory corruption vulnerabilities. This may
  allow a remote attacker to execute arbitrary code.


II. Impact

  The most severe impact of these vulnerabilities could allow a remote
  attacker to execute arbitrary code with the privileges of the user
  running the affected application. Other effects include a denial of
  service or local information disclosure.


III. Solution

Upgrade

  Upgrade to Mozilla Firefox 1.5.0.4, Mozilla Thunderbird 1.5.0.4, or
  SeaMonkey 1.0.2.
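
  One way to check a software inventory against the fixed versions listed
  above. This is an added example, not part of the US-CERT alert; the
  inventory format, host names and sample rows are constructed for
  illustration.

```python
import re

# Fixed versions taken from the "Upgrade" section of the alert.
FIXED = {
    "firefox": (1, 5, 0, 4),
    "thunderbird": (1, 5, 0, 4),
    "seamonkey": (1, 0, 2),
}

def parse_version(text):
    """Turn '1.5.0.4' into (1, 5, 0, 4); None if not purely dotted-numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(product, version_text):
    """Return 'vulnerable', 'fixed' or 'review' for one installed product."""
    fixed = FIXED.get(product.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        # Other Gecko-based products "may also be affected"; odd version
        # strings (rc builds, vendor suffixes) need a human to look at them.
        return "review"
    # Pad to equal length so '1.5' compares as 1.5.0.0, and compare
    # numerically so 1.5.0.10 is not treated as older than 1.5.0.4.
    width = max(len(fixed), len(version))
    version += (0,) * (width - len(version))
    fixed += (0,) * (width - len(fixed))
    return "vulnerable" if version < fixed else "fixed"

def triage(inventory_text):
    """Parse 'host product version' lines into (host, product, version, status)."""
    results = []
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, product, version = line.split()
        results.append((host, product, version, classify(product, version)))
    return results

# Constructed sample inventory: host, product, installed version.
SAMPLE = """\
ws-01 Firefox 1.5.0.3
ws-02 Firefox 1.5.0.10
ws-03 Thunderbird 1.5
ws-04 SeaMonkey 1.0.2
ws-05 Camino 1.0.1
ws-06 Firefox 1.5.0.4rc1
"""

if __name__ == "__main__":
    for host, product, version, status in triage(SAMPLE):
        print(f"{host:6} {product:12} {version:12} {status}")
```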

Disable JavaScript

  These vulnerabilities can be mitigated by disabling JavaScript.


Appendix A. References

    * US-CERT Vulnerability Note VU#237257 -
      <http://www.kb.cert.org/vuls/id/237257>

    * US-CERT Vulnerability Note VU#421529 -
      <http://www.kb.cert.org/vuls/id/421529>

    * US-CERT Vulnerability Note VU#575969 -
      <http://www.kb.cert.org/vuls/id/575969>

    * US-CERT Vulnerability Note VU#243153 -
      <http://www.kb.cert.org/vuls/id/243153>

    * US-CERT Vulnerability Note VU#466673 -
      <http://www.kb.cert.org/vuls/id/466673>

    * Mozilla Foundation Security Advisories -
      <http://www.mozilla.org/security/announce/>

    * US-CERT Vulnerability Notes Related to June Mozilla Security
      Advisories -
      <http://www.kb.cert.org/vuls/byid?searchview&query=firefox_1504>


    * Mozilla Foundation Security Advisories -
      <http://www.mozilla.org/projects/security/known-vulnerabilities.html>


    * Firefox - Rediscover the Web - <http://www.mozilla.com/firefox/>

    * Thunderbird - Reclaim your inbox -
      <http://www.mozilla.com/thunderbird/>

    * The SeaMonkey Project -
      <http://www.mozilla.org/projects/seamonkey/>

    * Securing Your Web Browser -
      <http://www.us-cert.gov/reading_room/securing_browser/browser_security.html#Mozilla_Firefox>


____________________________________________________________________

  The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA06-153A.html>
____________________________________________________________________

  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <cert@cert.org> with "TA06-153A Feedback VU#237257" in the
  subject.
____________________________________________________________________

  For instructions on subscribing to or unsubscribing from this
  mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

  Produced 2006 by US-CERT, a government organization.

  Terms of use:

    <http://www.us-cert.gov/legal.html>
____________________________________________________________________


Revision History

  Jun 2, 2006: Initial release




