[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 289/06 - US-CERT: TA06-107A -- Mozilla Products Contain Multiple Vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 289/06 dated 19.04.06  Time: 14:10  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

US-CERT: TA06-107A -- Mozilla Products Contain Multiple Vulnerabilities

Detail
====== 

Several vulnerabilities have been reported in the Mozilla web browser
and derived products. More detailed information is available in the
individual vulnerability notes.



- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



                        National Cyber Alert System

                Technical Cyber Security Alert TA06-107A


Mozilla Products Contain Multiple Vulnerabilities

   Original release date: April 17, 2006
   Last revised: --
   Source: US-CERT


Systems Affected

     * Mozilla web browser, email and newsgroup client
     * Mozilla SeaMonkey
     * Firefox web browser
     * Thunderbird email client
     * Mozilla Suite

   Any products based on Mozilla components, particularly Gecko may also
   be affected.


Overview

   The Mozilla web browser and derived products contain several
   vulnerabilities, the most serious of which could allow a remote
   attacker to execute arbitrary code on an affected system.


I. Description

   Several vulnerabilities have been reported in the Mozilla web browser
   and derived products. More detailed information is available in the
   individual vulnerability notes, including:

   VU#932734 - Mozilla crypto.generateCRMFRequest() vulnerability

   A vulnerability exists in the Mozilla JavaScript routine
   generateCRMFRequest() that may allow a remote attacker to execute
   arbitrary code.
   (CVE-2006-1728)

   VU#968814 - Mozilla JavaScript security bypass vulnerability

   Mozilla products fail to properly enforce security restrictions in
   JavaScript. This vulnerability may allow a remote, unauthenticated
   attacker to execute arbitrary code.
   (CVE-2006-1726)

   VU#179014 - Mozilla CSS integer overflow vulnerability

   Mozilla products contain an integer overflow that could allow a
   remote, unauthenticated attacker to execute arbitrary code.
   (CVE-2006-1730)

   VU#488774 - Mozilla XBL binding vulnerability

   Mozilla products fail to properly restrict access to privileged XBL
   bindings. This vulnerability may allow a remote, unauthenticated
   attacker to execute arbitrary code.
   (CVE-2006-1733)

   VU#842094 - Mozilla JavaScript cloned parent vulnerability

   Mozilla products fail to properly restrict access to a JavaScript
   functions cloned parent. This vulnerability may allow a remote
   attacker to execute arbitrary code on a vulnerable system.
   (CVE-2006-1734)

   VU#813230 - Mozilla products vulnerable to privilege escalation via
   XBL.method.eval

   A vulnerability in the way Mozilla products and derivative programs
   handle certain XBL methods could allow a remote attacker to execute
   arbitrary code on a vulnerable system.
   (CVE-2006-1735)

   VU#736934 - Mozilla products vulnerable to memory corruption via a
   particular sequence of HTML tags

   A vulnerability in the way Mozilla products and derivative programs
   handle certain HTML tags could allow a remote attacker to execute
   arbitrary code on a vulnerable system.
   (CVE-2006-0749)

   VU#935556 - Mozilla products may allow CSS border-rendering code to
   write past the end of an array

   A vulnerability in the way Mozilla products and derivative programs
   handle certain CSS methods could allow a remote attacker to crash the
   application or execute arbitrary code on a vulnerable system.
   (CVE-2006-1739)

   VU#350262 - Mozilla DHTML memory corruption vulnerabilities

   Mozilla products contain to multiple, unspecified vulnerabilities in
   the way they handle DHTML. These vulnerabilities may allow a remote
   attacker to execute arbitrary code or cause a denial-of-service
   condition.
   (CVE-2006-1724)

   VU#252324 - Mozilla display style vulnerability

   Mozilla products contain an unspecified vulnerability in the way they
   handle display styles. This vulnerability may allow a remote attacker
   to execute arbitrary code or cause a denial-of-service condition.

   VU#329500 - Mozilla products vulnerable to memory corruption via large
   regular expression in JavaScript

   A vulnerability in the way the JavaScript engine of Mozilla products
   and derivative programs handles a large regular expression could allow
   a remote attacker to crash the application or execute arbitrary code
   on a vulnerable system.


II. Impact

   The most severe impact of these vulnerabilities could allow a remote
   attacker to execute arbitrary code with the privileges of the user
   running the affected application. Other effects include a denial of
   service or local information disclosure.


III. Solution

Upgrade

   Upgrade to Mozilla Firefox 1.5.0.2, Mozilla Thunderbird 1.5.0.2, or
   SeaMonkey 1.0.1. According to Mozilla.org, Thunderbird 1.5.0.2 is
   to be released on April 18, 2006.

   Users are strongly encourages to apply the workarounds described in
   the individual vulnerability notes until updates can be applied.


Appendix A. References

     * Mozilla Foundation Security Advisories -
       <http://www.mozilla.org/security/announce/>

     * Mozilla Foundation Security Advisories -
       <http://www.mozilla.org/projects/security/known-vulnerabilities.ht
       ml>

     * US-CERT Vulnerability Note VU#932734 -
       <http://www.kb.cert.org/vuls/id/932734>

     * US-CERT Vulnerability Note VU#968814 -
       <http://www.kb.cert.org/vuls/id/968814>

     * US-CERT Vulnerability Note VU#179014 -
       <http://www.kb.cert.org/vuls/id/179014>

     * US-CERT Vulnerability Note VU#488774 -
       <http://www.kb.cert.org/vuls/id/488774>

     * US-CERT Vulnerability Note VU#842094 -
       <http://www.kb.cert.org/vuls/id/842094>

     * US-CERT Vulnerability Note VU#813230 -
       <http://www.kb.cert.org/vuls/id/813230>

     * US-CERT Vulnerability Note VU#736934 -
       <http://www.kb.cert.org/vuls/id/736934>

     * US-CERT Vulnerability Note VU#935556 -
       <http://www.kb.cert.org/vuls/id/935556>

     * US-CERT Vulnerability Note VU#350262 -
       <http://www.kb.cert.org/vuls/id/350262>

     * US-CERT Vulnerability Note VU#252324 -
       <http://www.kb.cert.org/vuls/id/252324>

     * US-CERT Vulnerability Note VU#329500 -
       <http://www.kb.cert.org/vuls/id/329500>

     * US-CERT Vulnerability Notes Related to April Mozilla Security
       Advisories -
       <http://www.kb.cert.org/vuls/byid?searchview&query=mozilla_April_2
       006>

     * CVE-2006-1726 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1726>

     * CVE-2006-1728 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728>

     * CVE-2006-1730 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730>

     * CVE-2006-1733 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733>

     * CVE-2006-1734 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734>

     * CVE-2006-1735 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735>

     * CVE-2006-0749 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749>

     * CVE-2006-1739 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739>

     * CVE-2006-1724 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1724>

     * Firefox - Rediscover the Web - <http://www.mozilla.com/firefox/>

     * Thunderbird - Reclaim your inbox -
       <http://www.mozilla.com/thunderbird/>

     * The SeaMonkey Project -
       <http://www.mozilla.org/projects/seamonkey/>

     * Mozilla Suite - The All-in-One Internet Application Suite -
       <http://www.mozilla.org/products/mozilla1.x/>

     * Securing Your Web Browser -
       <http://www.us-cert.gov/reading_room/securing_browser/browser_secu
       rity.html#Mozilla_Firefox>


 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA06-107A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@xxxxxxxx> with "TA06-107A Feedback VU#968814" in the
   subject.
 ____________________________________________________________________


   Produced 2006 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________


Revision History

   Apr 17, 2006: Initial release
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBREPpeH0pj593lg50AQI+OAf+LX6BsGayLqa86k2b32AUxeVYDiypaMEU
qriPcS7dNs1d4DG642cdXQFZeqVwd0n4IDuvRdwQfYYriDSwtASIZ3AHIkk0V/rd
+9pJqPhxJ21ykRDbH+2pIrLb2Ph4oN3RLZRfec/SxfgXqq5KF4Vf6ARkU1KNehnF
uD05huAn885W8dlmGAnNk5G5xgf6Bzd74UeYJws3zBSNqdUG9LSg16O7y1kP6uUk
wvXFkf1IMFjYhVuTMto763vEnmU3pBUoxnKpwgleD9NfCobYbn0h+Hq3QpS440u5
1xMXCu/98aB3Zqsv717uJ+glD4VJ9T8EIEa4pW1qm3180XBpsN2ZQQ==
=2rzE
- - -----END PGP SIGNATURE-----

iQCVAwUBREQ4YCh9+71yA2DNAQK5jQP+JC3dMRt8Z9WjsZz61dUHK9eXAfXEnSl2
QbSGuEu4i42mNzqPyYeyiG1pOKUClbpIWBKhndvpxLsYlXbxZXAAGFoXN1GezdMo
J85yb0C/emAh1YJwRvMJLrjo/ziLrpJ3pcJ4rbjKsma+P66UYw69wsbkWYfX19Bw
j3GFwRm1DXk=
=xD3j
- -----END PGP SIGNATURE-----


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of US-CERT for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the site of the
original source to ensure that you receive the most current information concerning 
that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQCVAwUBREY1pYpao72zK539AQHnhAP/b9nEJJEzi16MX3xVFj7Ba+UmT8Hi/Cy1
UUpoQBgds7s5BpU9jOSyCNDKLt/8HehQpNXjoxG7Yc0H7lt39SEb4HAu8sOfN+WU
NY+PoYbgGh5BmakpDWpfMNwHASPOnyqznZeeEryNgyYfK/9onaElOlHmXH167s24
0ZVoU7sfrJ0=
=sgji
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________