Mozilla upgrade to version 1.6. fixes several security isuses.
Mozilla Browser Scope Cross-Domain Function or Variable Disclosure
Jesse Ruderman has reported a vulnerability in Mozilla where a
malicious site may detect whether functions or variables are defined
in another browser window. The issue is reported to exist due to a
lack of sufficient access controls enforced on eval() calls. An
attacker may exploit this issue to potentially enumerate browsing
habits of an unsuspecting user.
Mozilla Browser Proxy Server Authentication Credential Disclosure
Darin Fisher has reported an information disclosure bug in Mozilla.
When the user attempts to connect to a malicious server subsequent to
successfully authenticating to the trusted server and if the malicious
proxy with a same realm as the trusted server sends the user a "407
Proxy authentication required" message, Mozilla will send the cached
authentication credentials from the previous exchange with the trusted
proxy to the malicious server. This is carried out regardless of the
different domain name or IP address of the malicious server.
Mozilla Custom Getter/Setter Objects Same Origin Policy Violation
Jesse Ruderman has reported a same origin policy violation vulnerability
in Mozilla. It has been reported that custom getter/setter objects do
not possess a check for the Same Origin Policy. This may allow the
object to be invoked to gain access to properties of another domain in
a frame or iframe.
Mozilla URI Sub-Directory Arbitrary Cookie Access Vulnerability
Stephen P. Morse discovered a problem in the behavior of the cookie
handling in Mozilla. If similar path attributes exist in two separate
cookies, it may be possible for a site to gain unauthorized access to
cookies issued by another site in the same domain. The correct behavior
is to restrict this type of access based both on domain and exact path
attribute information.
Mozilla Browser Cookie Path Restriction Bypass Vulnerability
Daniel Veditz has reported a vulnerability in Mozilla where a malicious
site may read cookies from unauthorized paths due to a lack of
sufficient sanitization performed on cookie paths. A malicious cookie
path containing certain escape sequence will reportedly bypass cookie
path access controls.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0594 to this issue.
Mozilla Browser Script.prototype.freeze/thaw Arbitrary Code Execution
Brendan Eich has reported a vulnerability in Mozilla that may permit
remote attackers to execute arbitrary code. The issue is in the
JavaScript Script.prototype.freeze/thaw functionality. An attacker with
knowledge of JavaScript bytecode and JavaScript engine internals, as
well as the native architecture of a client system may theoretically
cause arbitrary code to be executed.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.7 Mozilla distribution
3. Solution
The proper solution is to install the latest packages.
Specific references for this advisory:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0594
http://www.securityfocus.com/bid/9322
http://www.securityfocus.com/bid/9323
http://www.securityfocus.com/bid/9325
http://www.securityfocus.com/bid/9326
http://www.securityfocus.com/bid/9328
http://www.securityfocus.com/bid/9330
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr889065 fz528708
erg712531.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
7. Acknowledgments
SCO would like to thank Jesse Ruderman, Darin Fisher, Stephen P. Morse,
Daniel Veditz, Brendan Eich, and the Mozilla team.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
______
SCO Security Advisory
Subject: OpenServer 5.0.7 : Mozilla Multiple issues
Advisory number: SCOSA-2004.8
Issue date: 2004 July 20
Cross reference: sr889065 fz528708 erg712531 CAN-2003-0594
________________________________________________________________________
______
1. Problem Description
Mozilla upgrade to version 1.6. fixes several security isuses.
Mozilla Browser Scope Cross-Domain Function or Variable Disclosure
Jesse Ruderman has reported a vulnerability in Mozilla where a
malicious site may detect whether functions or variables are defined
in another browser window. The issue is reported to exist due to a
lack of sufficient access controls enforced on eval() calls. An
attacker may exploit this issue to potentially enumerate browsing
habits of an unsuspecting user.
Mozilla Browser Proxy Server Authentication Credential Disclosure
Darin Fisher has reported an information disclosure bug in Mozilla.
When the user attempts to connect to a malicious server subsequent to
successfully authenticating to the trusted server and if the malicious
proxy with a same realm as the trusted server sends the user a "407
Proxy authentication required" message, Mozilla will send the cached
authentication credentials from the previous exchange with the trusted
proxy to the malicious server. This is carried out regardless of the
different domain name or IP address of the malicious server.
Mozilla Custom Getter/Setter Objects Same Origin Policy Violation
Jesse Ruderman has reported a same origin policy violation vulnerability
in Mozilla. It has been reported that custom getter/setter objects do
not possess a check for the Same Origin Policy. This may allow the
object to be invoked to gain access to properties of another domain in
a frame or iframe.
Mozilla URI Sub-Directory Arbitrary Cookie Access Vulnerability
Stephen P. Morse discovered a problem in the behavior of the cookie
handling in Mozilla. If similar path attributes exist in two separate
cookies, it may be possible for a site to gain unauthorized access to
cookies issued by another site in the same domain. The correct behavior
is to restrict this type of access based both on domain and exact path
attribute information.
Mozilla Browser Cookie Path Restriction Bypass Vulnerability
Daniel Veditz has reported a vulnerability in Mozilla where a malicious
site may read cookies from unauthorized paths due to a lack of
sufficient sanitization performed on cookie paths. A malicious cookie
path containing certain escape sequence will reportedly bypass cookie
path access controls.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0594 to this issue.
Mozilla Browser Script.prototype.freeze/thaw Arbitrary Code Execution
Brendan Eich has reported a vulnerability in Mozilla that may permit
remote attackers to execute arbitrary code. The issue is in the
JavaScript Script.prototype.freeze/thaw functionality. An attacker with
knowledge of JavaScript bytecode and JavaScript engine internals, as
well as the native architecture of a client system may theoretically
cause arbitrary code to be executed.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.7 Mozilla distribution
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.7
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/openserver5/507/mp/mp3/507mp3_vol.tar
4.2 Verification
MD5 (507mp3_vol.tar) = c927aefdd50b50aca5d29e08c1562aec
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Read the Maintenance Pack 3 Release and Installation Notes at
ftp://ftp.sco.com/pub/openserver5/507/mp/mp3/osr507mp3.txt
5. References
Specific references for this advisory:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0594
http://www.securityfocus.com/bid/9322
http://www.securityfocus.com/bid/9323
http://www.securityfocus.com/bid/9325
http://www.securityfocus.com/bid/9326
http://www.securityfocus.com/bid/9328
http://www.securityfocus.com/bid/9330
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr889065 fz528708
erg712531.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
7. Acknowledgments
SCO would like to thank Jesse Ruderman, Darin Fisher, Stephen P. Morse,
Daniel Veditz, Brendan Eich, and the Mozilla team.
________________________________________________________________________
______
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)
iD8DBQFBACHcaqoBO7ipriERAtsFAJ9OYWMxcrqGEXbO3jE3ej1M2x9FVQCfS7FJ
Tj7sYxhkzoA2XkRI6cv0Nes=
=wLKz
-----END PGP SIGNATURE-----
[ reply ]