Multiple vulnerabilities have been identified in Mozilla Firefox, SeaMonkey, and Thunderbird, which may be exploited by remote attackers to take complete control of an affected system, bypass security restrictions, or disclose sensitive information.
The first issue is due to buffer overflow errors when processing specially crafted JavaScript regular expressions, which could be exploited by attackers to execute arbitrary commands.
The second issue is due to an error in the auto-update mechanism when validating certificates, which could be exploited by attackers to trick users into accepting unverifiable (often self-signed) certificates as valid and redirect them to a malicious web site.
The third vulnerability is due to memory corruption errors during text display, which could be exploited by attackers to crash a vulnerable application and potentially execute arbitrary commands.
The fourth issue is due to an error in the Network Security Services (NSS) library during RSA signature verification, which could be exploited by attackers to forge signatures. For additional information, see : FrSIRT/ADV-2006-3453
The fifth flaw is due to an origin validation error when handling content injected from a web site into a sub-frame of another site using "targetWindow.frames[n].document.open()", which could be exploited by malicious people to conduct cross-domain scripting attacks.
The sixth vulnerability is due to an error where blocked popups from the status bar (blocked popups) icon are always opened in the context of the site listed in the Location (address) bar, which could be exploited by malicious people to conduct cross-site scripting attacks.
The seventh flaw is due to an error where JavaScript code included in remote XBL files is always executed even if JavaScript has been disabled (by default), which could be exploited by attackers to bypass security restrictions and gain knowledge of sensitive information.
The eighth vulnerability is due to memory corruption errors when handling malformed contents, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.
Credits
Vulnerabilities reported by Priit Laes, CanadianGuy, Girts Folkmanis, Catalin Patulea, Jon Oberheide, Jonathan Watt, Michal Zalewski, Philip Mackenzie, Marius Schilder, shutdown, Bernd Mielke, Georgi Guninski, Igor Bukanov, Jesse Ruderman, Martijn Wargers, Mats Palmgren, Olli Pettay, and Weston Carloss.
ChangeLog
2006-09-15 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
