Vulnerability Note VU#996798

Mozilla Firefox insecurely handles content from external applications

Original Release date: 02 Aug 2005 | Last revised: 15 Aug 2005

Overview

Mozilla Firefox does not properly enforce domain restrictions on content sent by external applications, allowing a remote attacker to execute code on a vulnerable system.

Description

Mozilla Firefox can accept links from external applications, such as Flash and Quicktime. When such an application attempts to open a link, it is sent to the default web browser. The default configuration for Firefox is to open links from other applications in the most recent tab or window. When Firefox receives a javascript: URI from an external application, it will execute within the security context of the page currently displayed by the browser, thus creating a cross-domain violation.

If Firefox is displaying a privileged chrome: URI, then the external application could cause Firefox to execute arbitrary code.

For more information, please refer to Mozilla Foundation Security Advisory 2005-53. This vulnerability affects Firefox versions prior to 1.0.5 and Netscape 8 versions prior to 8.0.3.1. Other web browsers based on Mozilla Firefox may also be affected.

Impact

By convincing a user to open a specially crafted media file, an attacker may be able to execute arbitrary code on a vulnerable system. Other applications that have the ability to send URIs to Firefox may also be used to trigger the vulnerability. Additional impacts are similar to cross-site scripting attacks, as described in CERT Advisory CA-2000-02.

Solution

Upgrade
This vulnerability is addressed in Firefox 1.0.5 and Netscape 8.0.3.1 and later.


According to Mozilla Foundation Security Advisory 2005-53, the following workaround will mitigate this vulnerability.

Set the browser to open external links in a new tab or new window.

  1. Open the Options dialog from the Tools menu
  2. Select the Advanced icon in the left panel
  3. Open the "Tabbed Browsing" group
  4. Set "Open links from other applications in:" to either new tab or new window
    Netscape 8 is configured by default to open external links in new tabs, which prevents exploitation of this vulnerability.

    Systems Affected (Learn More)

    VendorStatusDate NotifiedDate Updated
    Mozilla, Inc.Affected-02 Aug 2005
    Netscape Communications CorporationAffected-02 Aug 2005
    Red Hat Software, Inc.Affected-15 Aug 2005
    If you are a vendor and your product is affected, let us know.

    CVSS Metrics (Learn More)

    Group Score Vector
    Base N/A N/A
    Temporal N/A N/A
    Environmental N/A N/A

    References

    Credit

    This vulnerability was reported in Mozilla Foundation Security Advisory 2005-53. Mozilla credits Michael Krax for providing information regarding this issue.

    This document was written by Jeff Gennari and Will Dormann.

    Other Information

    • CVE IDs: CAN-2005-2267
    • Date Public: 13 Jul 2005
    • Date First Published: 02 Aug 2005
    • Date Last Updated: 15 Aug 2005
    • Severity Metric: 8.02
    • Document Revision: 48

    Feedback

    If you have feedback, comments, or additional information about this vulnerability, please send us email.