SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#652366

Mozilla insecurely clones objects and member functions

Overview

Mozilla fails to enforce security restrictions on cloned base objects. This may allow a remote attacker to execute arbitrary code on a vulnerable web browser.

I. Description

Mozilla supports the use of JavaScript to perform client side scripting. JavaScript uses prototyping as a way to dynamically inherit methods and properties from a superclass. The methods and properties are inherited at runtime via the .prototype property of a subclass. A class hierarchy defined using prototyping is known as a prototype chain.

Mozilla insecurely clones base objects in a prototype chain causing an access control vulnerability. A remote attacker with control of an object with few privileges may be able to access methods and properties stored in more privileged base objects higher up the prototype chain.

Note that this vulnerability may exist in all Mozilla-based web browsers, including Netscape and Firefox.

II. Impact

A remote attacker may be able to traverse the prototype chain to access privileged objects. Once access is gained, the attacker may be able to execute arbitrary code with elevated privileges.

III. Solution

Upgrade

This vulnerability is fixed in Firefox 1.0.5 and Mozilla Suite 1.7.10.

Systems Affected

VendorStatusDate NotifiedDate Updated
Mozilla, Inc.Vulnerable1-Aug-2005
Netscape Communications CorporationVulnerable1-Aug-2005
Red Hat Software, Inc.Vulnerable15-Aug-2005

References


http://www.mozilla.org/projects/security/known-vulnerabilities.html
http://www.mozilla.org/security/announce/mfsa2005-56.html
http://securitytracker.com/id?1014470
http://www.securityfocus.com/bid/14242
http://secunia.com/advisories/15549/
http://secunia.com/advisories/16059/
http://secunia.com/advisories/16185/

Credit

This vulnerability was reported by The Mozilla Foundation. The Mozilla Foundation credits moz_bug_r_a4 and shutdown for reporting this issue.

This document was written by Jeff Gennari.

Other Information

Date Public:2005-07-13
Date First Published:2005-08-01
Date Last Updated:2005-08-15
CERT Advisory: 
CVE-ID(s):CAN-2005-2270
NVD-ID(s):CAN-2005-2270
US-CERT Technical Alerts: 
Metric:7.80
Document Revision:63

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2005 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader