Two extremely critical security vulnerabilities have been discovered in the Firefox Web browser. The flaws could be exploited to conduct cross-site scripting attacks and compromise a user’s system.
The first vulnerability involves JavaScript URLs loaded in ‘IFRAME’ elements, which are not properly protected from being executed in the context of another URL in the history list. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an arbitrary site.
The second exists because input passed to the ‘IconURL’ parameter of ‘InstallTrigger.install()’ is not properly verified before being used. This can be exploited to execute arbitrary JavaScript code with escalated privileges via a specially crafted JavaScript URL.
The vulnerabilities – designated Extremely Critical by security firm Secunia – have been confirmed in Firefox 1.0.3 but may exist in earlier versions. Both vulnerabilities can be closed by turning off JavaScript.
The Mozilla Foundation notes that as the vulnerability requires the attacker to trigger an install that appears to come from a whitelisted site, simply disabling software installation in the Preferences eliminates the problem.
A theoretical attacker uses frames and a JavaScript history flaw to make it appear that a software installation is being triggered from addons.update.mozilla.org, one of the few sites allowed to install software by default.
However, because the Mozilla Foundation controls all of the sites in the default software installation whitelist, it has been able to take preventative action by placing more checks in the server-side Mozilla Update code and moving the update site to another domain. Users who have not added any additional sites to their software installation whitelist are no longer at risk, the Foundation says.
A Firefox 1.0.4 update is expected ‘shortly’.
For more information about these flaws go to secunia.com/advisories/15292.