Mozilla Firefox Install Method Remote Arbitrary Code Execution Vulnerability

Mozilla Firefox is prone to a security vulnerability that could result in the execution of arbitrary code without requiring user interaction.

Initial analysis of the vulnerability reveals that the it relies on a three-stage attack that may lead to an arbitrary script gaining 'UniversalXPConnect' privileges.

A remote atacker may be able to exploit this issue to take arbitrary actions on the vulnerable computer in the context of the user that is running the affcted browser.

This vulnerability is reported in all versions of Mozilla Firefox browsers up to 1.0.3.

To be exploitable, a site listed in a victim user's configuration to allow extension installation must be prone to a cross-site scripting vulnerability. By default, 'update.mozilla.org' and 'addon.mozilla.org' are both listed as trusted sites for extension installation.

*Update: The cross-site scripting vulnerability that the publicly available exploit relied on in the mozilla.org domain has been fixed. This issue is no longer exploitable through this public attack vector.


 

Privacy Statement
Copyright 2010, SecurityFocus