Security Advisories

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Subject: US-CERT Technical Cyber Security Alert TA04-261A -- Multiple vulnerabilities in Mozilla products
From: CERT Advisory <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Date: Fri, 17 Sep 2004 16:12:37 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                 Technical Cyber Security Alert TA04-261A
               Multiple vulnerabilities in Mozilla products

   Original release date: September 17, 2004
   Last revised: --
   Source: US-CERT

Systems Affected

   Mozilla software, including the following:

     * Mozilla web browser, email and newsgroup client
     * Firefox web browser
     * Thunderbird email client

Overview

   Several vulnerabilities exist in the Mozilla web browser and derived
   products, the most serious of which could allow a remote attacker to
   execute arbitrary code on an affected system.

I. Description

   Several vulnerabilities have been reported in the Mozilla web browser
   and derived products. More detailed information is available in the
   individual vulnerability notes:

   VU#414240 - Mozilla Mail vulnerable to buffer overflow via
   writeGroup() function in nsVCardObj.cpp

    Mozilla Mail contains a stack overflow vulnerability in the display
    routines for VCards. By sending an email message with a crafted VCard,
    a remote attacker may be able to execute arbitrary code on the
    victim's machine with the privileges of the current user. This can be
    exploited in the preview mode as well.

   VU#847200 - Mozilla contains integer overflows in bitmap image decoder

    A vulnerability in the way Mozilla and its derived programs handle
    certain bitmap images could allow a remote attacker to execute
    arbitrary code on a vulnerable system.

   VU#808216 - Mozilla contains heap overflow in UTF8 conversion of
   hostname portion of URLs

    A vulnerability in the way Mozilla and its derived programs handle
    certain malformed URLs could allow a remote attacker to execute
    arbitrary code on a vulnerable system.

   VU#125776 - Multiple buffer overflows in Mozilla POP3 protocol handler

    There are multiple buffer overflow vulnerabilities in the Mozilla POP3
    protocol handler that could allow a malicious POP3 server to execute
    arbitrary code on the affected system.

   VU#327560 - Mozilla "send page" feature contains a buffer overflow
   vulnerability

    There is a buffer overflow vulnerability in the Mozilla "send page"
    feature that could allow a remote attacker to execute arbitrary code.

   VU#651928 - Mozilla allows arbitrary code execution via link dragging

     A vulnerability affecting Mozilla web browsers may allow violation of
     cross-domain scripting policies and possibly execute code originating
     from a remote source.

II. Impact

   These vulnerabilities could allow a remote attacker to execute
   arbitrary code with the privileges of the user running the affected
   application.

   VU#847200 could also allow a remote attacker to crash an affected
   application.

III. Solution

Upgrade to a patched version

   Mozilla has released versions of the affected software that contain
   patches for these issues:

     * Mozilla 1.7.3
     * Firefox Preview Release
     * Thunderbird 0.8

   Users are strongly encouraged to upgrade to one of these versions.

Appendix A. References

     * Mozilla Security Advisory -
       <http://www.mozilla.org/projects/security/known-vulnerabilities.ht
       ml>
     * Mozilla 1.7.2 non-ascii hostname heap overrun, Gael Delalleau -
       <http://www.zencomsec.com/advisories/mozilla-1.7.2-UTF8link.txt>
     * Security Audit of Mozilla's .bmp image parsing, Gael Delalleau -
       <http://www.zencomsec.com/advisories/mozilla-1.7.2-BMP.txt>
     * Security Audit of Mozilla's POP3 client protocol, Gael Delalleau -
       <http://www.zencomsec.com/advisories/mozilla-1.7.2-POP3.txt>
     * US-CERT Vulnerability Note VU#414240 -
       <http://www.kb.cert.org/vuls/id/414240>
     * US-CERT Vulnerability Note VU#847200 -
       <http://www.kb.cert.org/vuls/id/847200>
     * US-CERT Vulnerability Note VU#808216 -
       <http://www.kb.cert.org/vuls/id/808216>
     * US-CERT Vulnerability Note VU#125776 -
       <http://www.kb.cert.org/vuls/id/125776>
     * US-CERT Vulnerability Note VU#327560 -
       <http://www.kb.cert.org/vuls/id/327560>
     * US-CERT Vulnerability Note VU#651928 -
       <http://www.kb.cert.org/vuls/id/651928>
     _________________________________________________________________

   Mozilla has assigned credit for reporting of these issue to the
   following:

     * VU#414240: Georgi Guninski
     * VU#847200: Gael Delalleau
     * VU#808216: Gael Delalleau and Mats Palmgren
     * VU#125776: Gael Delalleau
     * VU#327560: Georgi Guninski
     * VU#651928: Jesse Ruderman
  _________________________________________________________________

   Feedback can be directed to the US-CERT Technical Staff.
  _________________________________________________________________
     
   This document is available from:
     
      <http://www.us-cert.gov/cas/techalerts/TA04-261A.html>
          
  _________________________________________________________________
          
   Copyright 2004 Carnegie Mellon University.
          
   Terms of use: <http://www.us-cert.gov/legal.html>
  _________________________________________________________________
          
   Revision History  
          
   Sept 17, 2004: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQUtEPBhoSezw4YfQAQIosQgAkny8jByUHOSsukYr4u20BGhOb1FI2wKY
GilIzIJy8sKtHq6S3XHMk5xXH8dDgheODPV3NLB6X6sksG4x1o5pQKq2lgANas13
EIIfVb5p3//uS0qV/zhPlc7tkBcJAVgx1BaExorJpsHeEfhF22+hPt+BuuBM875B
T1owipQIGbADQjhh4zVAJYSsLl3R8ZHYu8QnJlRn+qCF2Psg2eTnXlzfzIHvhl/3
KuaeqQ86V+B+uXUox2FjlrOzYujUY2z+syRkfNFINIo3E51rRJxF5SGxNt0gPD+y
CqZw4LDf+HqdpIQd6J/vJq4GcOkOXYraXskUK8zwCiSwqSw1ucYGvA==
=C1IN
-----END PGP SIGNATURE-----

Powered by:

MHonArc