Bug 92321 - Firefox, Mozilla Suite: Code execution via javascript
Status: RESOLVED DUPLICATE of bug 91859
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL: http://www.mozilla.org/security/annou...
Reported: 2005-05-11 18:22 UTC by Philip Kovacs
Modified: 2005-07-17 13:06 UTC
Description Philip Kovacs 2005-05-11 18:22:10 UTC
Two vulnerabilities were found in Mozilla Firefox that combined allow an attacker to run arbitrary code. The Mozilla Suite is only partially vulnerable. 
By causing a frame to navigate back to a previous javascript: url an attacker can inject script into any site. This could be used to steal cookies or sensitive data from that site, or to perform actions on behalf of that user. (Affects Firefox and the Suite). 

A separate vulnerability in the Firefox install confirmation dialog allows an attacker to execute arbitrary code by using a javascript: URL as the package icon. By default only the Mozilla Foundation update site is allowed to bring up this dialog, but the script injection vulnerability described above enables this to be exploited from any malicious site. 

The Mozilla Foundation has modified the update servers to prevent their use in this attack.
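
The install-dialog issue described above depends on an attacker-supplied icon URL being loaded without a check on its scheme. The following is an added example, not code from Mozilla, Gentoo or the actual Firefox fix: it sets a raw-string blocklist beside a parse-then-allowlist check. The function names, the base URL and the sample values are all assumptions constructed for illustration.

```javascript
// Added example: scheme allowlist for an untrusted "icon" URL.
// ALLOWED_SCHEMES, naiveIsSafe and safeIconUrl are hypothetical names.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Weak check: a blocklist on the raw string. It misses case changes and the
// whitespace that URL parsers strip before they read the scheme.
function naiveIsSafe(raw) {
  return !raw.startsWith("javascript:");
}

// Hardened check: parse first (resolving relative references against the
// page that supplied the value), then allow only known-inert schemes.
// Returns the normalized URL string, or null if the value must not be loaded.
function safeIconUrl(raw, baseUrl) {
  if (typeof raw !== "string") return null;
  let parsed;
  try {
    parsed = new URL(raw, baseUrl);
  } catch (err) {
    return null; // unparseable input is rejected, not guessed at
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Constructed sample inputs, not taken from the advisory.
const BASE = "https://addons.example/install.html";
const SAMPLES = [
  "icon.png",
  "https://cdn.example/pkg/icon.png",
  "javascript:void(0)",
  "JavaScript:void(0)",
  "  javascript:void(0)",
  "java\tscript:void(0)",
  "data:image/png;base64,AAAA",
];

// One row per sample: what the weak check says vs. what the hardened one returns.
function report() {
  return SAMPLES.map((raw) => ({
    raw,
    naive: naiveIsSafe(raw),
    hardened: safeIconUrl(raw, BASE),
  }));
}

console.table(report());
```

Only the first two samples survive the hardened check; the raw-string blocklist accepts every sample except the exact lowercase `javascript:` form.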
Comment 1 Tarragon M. Allen 2005-05-11 21:15:26 UTC
Firefox 1.04 is out and fixes these vulnerabilities.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-11 21:34:47 UTC

*** This bug has been marked as a duplicate of 91859 ***