Rapid7 Vulnerability & Exploit Database

Mozilla Firefox Multiple Vulnerabilities fixed in 3.0.13 and 3.5.2

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 07/21/2009
Created: 07/25/2018
Added: 09/23/2009
Modified: 02/13/2015

Description

Mozilla Firefox versions before 3.0.13 and 3.5.2 are affected by multiple vulnerabilities:

  • Data corruption with SOCKS5 reply containing DNS name longer than 15 characters (MFSA 2009-38). When Firefox receives a reply from a SOCKS5 proxy which contains a DNS name longer than 15 characters, the subsequent data stream in the response can become corrupted. There was no evidence of memory corruption, however, and the severity of the issue was determined to be low.
  • Location bar and SSL indicator spoofing via window.open() on invalid URL (MFSA 2009-44). An attacker could call window.open() on an invalid URL which looks similar to a legitimate URL and then use document.write() to place content within the new document, appearing to have come from the spoofed location. Additionally, if the spoofed document was created by a document with a valid SSL certificate, the SSL indicators would be carried over into the spoofed document. An attacker could use these issues to display misleading location and SSL information for a malicious web page.
  • Crashes with evidence of memory corruption (MFSA 2009-45). Several stability bugs in the browser engine used in Firefox and other Mozilla-based products have been identified and fixed. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
  • Chrome privilege escalation due to incorrectly cached wrapper (MFSA 2009-46). Broken functionality has been reported on pages that had a Link: HTTP header when an add-on was installed which implemented a Content Policy in JavaScript, such as AdBlock Plus or NoScript. Mozilla security researcher moz_bug_r_a4 demonstrated that the broken functionality was due to the window's global object receiving an incorrect security wrapper and that this issue could be used to execute arbitrary JavaScript with chrome privileges.
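
For the SOCKS5 item (MFSA 2009-38), the text above does not describe the root cause. The following added example, which is not Mozilla's or Rapid7's code, shows the reply framing from RFC 1928 that a client has to follow so that a domain-name reply longer than 15 characters does not shift the data that follows it; the function name and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SOCKS5 reply (RFC 1928, section 6):
 *   VER(1) REP(1) RSV(1) ATYP(1) BND.ADDR(variable) BND.PORT(2)
 * ATYP 0x01 = IPv4 (4 bytes), 0x04 = IPv6 (16 bytes),
 * ATYP 0x03 = domain name: one length byte, then up to 255 name bytes. */
enum { S5_NEED_MORE = 0, S5_MALFORMED = -1 };

/* Total reply size in bytes, S5_NEED_MORE if `have` bytes are not yet the
 * whole reply, or S5_MALFORMED if the header is not a valid SOCKS5 reply. */
static long socks5_reply_size(const uint8_t *buf, size_t have)
{
    size_t addr_len, total;

    if (have < 5)                        /* header plus first address byte */
        return S5_NEED_MORE;
    if (buf[0] != 0x05 || buf[2] != 0x00)
        return S5_MALFORMED;
    switch (buf[3]) {
    case 0x01: addr_len = 4; break;
    case 0x04: addr_len = 16; break;
    case 0x03: addr_len = 1 + (size_t)buf[4]; break;  /* never a fixed size */
    default:   return S5_MALFORMED;
    }
    total = 4 + addr_len + 2;
    return have < total ? S5_NEED_MORE : (long)total;
}

/* Constructed samples (not captured traffic). The first carries a 21-byte
 * name, port 80, and then four bytes of tunnelled data. */
static const uint8_t sample_name[] =
    "\x05\x00\x00\x03\x15" "long-name.example.org" "\x00\x50" "DATA";
static const uint8_t sample_ipv4[] = "\x05\x00\x00\x01\x7f\x00\x00\x01\x1f\x90";

int main(void)
{
    long n = socks5_reply_size(sample_name, sizeof sample_name - 1);
    /* Everything from offset n onward belongs to the tunnelled stream. */
    printf("reply=%ld bytes, payload=%.4s\n", n, (const char *)sample_name + n);
    return 0;
}
```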

Solution(s)

  • mozilla-firefox-upgrade-3_0_13
  • mozilla-firefox-upgrade-3_5_2
