Rapid7 Vulnerability & Exploit Database

Multiple Mozilla Firefox Vulnerabilities Fixed in Version 2.0.0.12

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 02/07/2008
Created: 07/25/2018
Added: 02/26/2009
Modified: 02/13/2015

Description

Firefox before 2.0.0.12 is affected by the vulnerabilities described in the reference links.

The browser engine in Mozilla Firefox before 2.0.0.12 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors. (CVE-2008-0412)

The JavaScript engine in Mozilla Firefox before 2.0.0.12 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors. (CVE-2008-0413)

Mozilla Firefox before 2.0.0.12 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing." (CVE-2008-0414)

Mozilla Firefox before 2.0.0.12 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs." (CVE-2008-0415)

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets. (CVE-2008-0416)

CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password. (CVE-2008-0417)

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, when using "flat" addons, allows remote attackers to read arbitrary JavaScript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js. (CVE-2008-0418)

Mozilla Firefox before 2.0.0.12 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles. (CVE-2008-0419)

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of uninitialized memory via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10. (CVE-2008-0420)

Mozilla Firefox before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2". (CVE-2008-0591)

Mozilla Firefox before 2.0.0.12 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser. (CVE-2008-0592)

Gecko-based browsers, including Mozilla Firefox before 2.0.0.12, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems. (CVE-2008-0593)

Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks. (CVE-2008-0594)

Solution(s)

  • mozilla-firefox-upgrade-2_0_0_12
