Vulnerability Note VU#996798
Mozilla Firefox insecurely handles content from external applications
Overview
Mozilla Firefox does not properly enforce domain restrictions on content sent by external applications, allowing a remote attacker to execute code on a vulnerable system.
I. Description
Mozilla Firefox can accept links from external applications, such as Flash and QuickTime. When such an application attempts to open a link, the link is sent to the default web browser. The default configuration for Firefox is to open links from other applications in the most recent tab or window. When Firefox receives a javascript: URI from an external application, it will execute within the security context of the page currently displayed by the browser, thus creating a cross-domain violation.
If Firefox is displaying a privileged chrome: URI, then the external application could cause Firefox to execute arbitrary code.
For more information, please refer to Mozilla Foundation Security Advisory 2005-53. This vulnerability affects Firefox versions prior to 1.0.5 and Netscape 8 versions prior to 8.0.3.1. Other web browsers based on Mozilla Firefox may also be affected.
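As an added illustration (not code from CERT or Mozilla), an application that hands URIs to the default browser can refuse anything that is not an ordinary web link before the hand-off, which keeps javascript: and chrome: URIs from ever reaching the browser. The allowlist, the function names and the `opener` callback are assumptions of this example.

```python
import re

# Schemes a helper application may hand to the browser (assumed policy).
ALLOWED_SCHEMES = frozenset({"http", "https", "ftp"})

# RFC 3986 scheme syntax: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
SCHEME_RE = re.compile(r"([A-Za-z][A-Za-z0-9+.-]*):")


def safe_to_forward(uri):
    """Return True only for an absolute URI with an allowlisted scheme."""
    # Browsers tolerate whitespace and control characters around and inside
    # a scheme, so a string containing any is refused outright instead of
    # being "cleaned" into something the check never saw.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in uri):
        return False
    match = SCHEME_RE.match(uri)
    if match is None:
        return False  # relative or malformed reference: do not guess
    # Schemes are case-insensitive: "JavaScript:" is "javascript:".
    return match.group(1).lower() in ALLOWED_SCHEMES


def forward(uri, opener):
    """Call opener(uri) only if the URI passes; report whether it was sent."""
    if not safe_to_forward(uri):
        return False
    opener(uri)
    return True


def audit(uris):
    """Return the URIs that would be blocked, in order."""
    return [u for u in uris if not safe_to_forward(u)]


if __name__ == "__main__":
    # Constructed sample: links as they might be embedded in a media file.
    sample = [
        "http://example.com/trailer.mov",
        "JavaScript:void(0)",
        "chrome://browser/content/browser.xul",
        " javascript:void(0)",
        "HTTPS://example.com/",
    ]
    for blocked in audit(sample):
        print("blocked:", repr(blocked))
```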
II. Impact
By convincing a user to open a specially crafted media file, an attacker may be able to execute arbitrary code on a vulnerable system. Other applications that have the ability to send URIs to Firefox may also be used to trigger the vulnerability. Additional impacts are similar to cross-site scripting attacks, as described in CERT Advisory CA-2000-02.
III. Solution
Upgrade
This vulnerability is addressed in Firefox 1.0.5 and Netscape 8.0.3.1 and later.
According to Mozilla Foundation Security Advisory 2005-53, the following workaround will mitigate this vulnerability.
Set the browser to open external links in a new tab or new window.
- Open the Options dialog from the Tools menu
- Select the Advanced icon in the left panel
- Open the "Tabbed Browsing" group
- Set "Open links from other applications in:" to either new tab or new window
Netscape 8 is configured by default to open external links in new tabs, which prevents exploitation of this vulnerability.
Systems Affected
References
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
http://www.mozilla.org/security/announce/mfsa2005-53.html
http://secunia.com/advisories/16043/
http://secunia.com/advisories/16185/
http://securitytracker.com/id?1014469
Credit
This vulnerability was reported in Mozilla Foundation Security Advisory 2005-53. Mozilla credits Michael Krax for providing information regarding this issue.
This document was written by Jeff Gennari and Will Dormann.
Other Information
| Date Public: | 2005-07-13 |
| Date First Published: | 2005-08-02 |
| Date Last Updated: | 2005-08-15 |
| CERT Advisory: | |
| CVE-ID(s): | CAN-2005-2267 |
| NVD-ID(s): | CAN-2005-2267 |
| US-CERT Technical Alerts: | |
| Metric: | 8.02 |
| Document Revision: | 48 |