CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#996798

Mozilla Firefox insecurely handles content from external applications

Overview

Mozilla Firefox does not properly enforce domain restrictions on content sent by external applications, allowing a remote attacker to execute code on a vulnerable system.

I. Description

Mozilla Firefox can accept links from external applications, such as Flash and Quicktime. When such an application attempts to open a link, it is sent to the default web browser. The default configuration for Firefox is to open links from other applications in the most recent tab or window. When Firefox receives a javascript: URI from an external application, it will execute within the security context of the page currently displayed by the browser, thus creating a cross-domain violation.

If Firefox is displaying a privileged chrome: URI, then the external application could cause Firefox to execute arbitrary code.

For more information, please refer to Mozilla Foundation Security Advisory 2005-53. This vulnerability affects Firefox versions prior to 1.0.5 and Netscape 8 versions prior to 8.0.3.1. Other web browsers based on Mozilla Firefox may also be affected.

II. Impact

By convincing a user to open a specially crafted media file, an attacker may be able to execute arbitrary code on a vulnerable system. Other applications that have the ability to send URIs to Firefox may also be used to trigger the vulnerability. Additional impacts are similar to cross-site scripting attacks, as described in CERT Advisory CA-2000-02.

III. Solution

Upgrade

This vulnerability is addressed in Firefox 1.0.5 and Netscape 8.0.3.1 and later.

According to Mozilla Foundation Security Advisory 2005-53, the following workaround will mitigate this vulnerability.

Set the browser to open external links in a new tab or new window.

  1. Open the Options dialog from the Tools menu
  2. Select the Advanced icon in the left panel
  3. Open the "Tabbed Browsing" group
  4. Set "Open links from other applications in:" to either new tab or new window
    Netscape 8 is configured by default to open external links in new tabs, which prevents exploitation of this vulnerability.

    Systems Affected
    VendorStatusDate Updated
    Mozilla, Inc.Vulnerable2-Aug-2005
    Netscape Communications CorporationVulnerable2-Aug-2005
    Red Hat Software, Inc.Vulnerable15-Aug-2005

    References


    http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
    http://www.mozilla.org/security/announce/mfsa2005-53.html
    http://secunia.com/advisories/16043/
    http://secunia.com/advisories/16185/
    http://securitytracker.com/id?1014469

    Credit

    This vulnerability was reported in Mozilla Foundation Security Advisory 2005-53. Mozilla credits Michael Krax for providing information regarding this issue.

    This document was written by Jeff Gennari and Will Dormann.

    Other Information

    Date Public07/13/2005
    Date First Published08/02/2005 03:00:57 PM
    Date Last Updated08/15/2005
    CERT Advisory 
    CVE NameCAN-2005-2267
    Metric8.02
    Document Revision48

    If you have feedback, comments, or additional information about this vulnerability, please send us email.
     

    Copyright 2005 Carnegie Mellon University