Mozilla Mozilla/Firefox Cross-Domain Tab Window Script Execution Vulnerability
BID:12465
Info
Mozilla Mozilla/Firefox Cross-Domain Tab Window Script Execution Vulnerability
| Bugtraq ID: | 12465 |
| Class: | Access Validation Error |
| CVE: |
CVE-2005-0231 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 07 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | Discovery is credited to "mikx" <[email protected]>. This issue affecting Netscape was reported by Juha-Matti Laurio. |
| Vulnerable: |
SGI ProPack 3.0 Redhat Linux 9.0 i386 Redhat Linux 7.3 i686 Redhat Linux 7.3 i386 Redhat Linux 7.3 Redhat Fedora Core2 Redhat Fedora Core1 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 Netscape Netscape 7.2 Netscape Netscape 7.1 Netscape Netscape 7.0 Mozilla Firefox 1.0 Mozilla Browser 1.7.5 Gentoo Linux |
| Not Vulnerable: |
Netscape Netscape 8.0 Mozilla Firefox 1.0.1 |
Discussion
Mozilla Mozilla/Firefox Cross-Domain Tab Window Script Execution Vulnerability
Mozilla Mozilla/Firefox are reported prone to a cross-domain script execution vulnerability. The issue is reported to exist because the browsers fail to prevent JavaScript that originates from one tab from accessing properties of a site contained in another tab. Typically, the Javascript security manager prevents a 'javascript:' URI from one domain to be opened in the context of a site from another window, however tabbed browsing can be used to bypass this security restriction.
This issue is reported to affect Firefox 1.0, however, it is possible that other versions are affected as well. Mozilla 1.7.5 was also reported vulnerable.
Mozilla Mozilla/Firefox are reported prone to a cross-domain script execution vulnerability. The issue is reported to exist because the browsers fail to prevent JavaScript that originates from one tab from accessing properties of a site contained in another tab. Typically, the Javascript security manager prevents a 'javascript:' URI from one domain to be opened in the context of a site from another window, however tabbed browsing can be used to bypass this security restriction.
This issue is reported to affect Firefox 1.0, however, it is possible that other versions are affected as well. Mozilla 1.7.5 was also reported vulnerable.
Exploit / POC
Mozilla Mozilla/Firefox Cross-Domain Tab Window Script Execution Vulnerability
An exploit is not required.
A proof of concept example is available from the following location:
http://www.mikx.de/firetabbing/
An exploit is not required.
A proof of concept example is available from the following location:
http://www.mikx.de/firetabbing/
Solution / Fix
Mozilla Mozilla/Firefox Cross-Domain Tab Window Script Execution Vulnerability
Solution:
Mozilla has released version 1.0.1 of Firefox to address this, and other issues:
SGI has released an advisory 20050501-01-U including updated SGI ProPack 3 Service Pack 5 packages to address this BID and other issues. Please see the referenced advisory for more information.
Red Hat has released advisory RHSA-2005:384-11 and fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
RedHat Fedora Linux has made an advisory available dealing with this issue in their Core 3 distribution. Please see the reference section for more information.
Gentoo has released an advisory (GLSA 200503-10) and updated eBuilds to address this vulnerability. Gentoo users that are running the affected software may apply the update by issuing the following sequence of commands as a superuser:
For Firefox users:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-1.0.1"
For Firefox binary users:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-bin-1.0.1"
SuSE Linux has released advisory SUSE-SA:2005:016 along with fixes dealing with this issue. Please see the referenced advisory for more information.
Gentoo has released advisory GLSA 200503-30 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:
Mozilla Suite users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.6"
Mozilla Suite binary users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.6"
RedHat Fedora Legacy has released advisory FLSA:152883 addressing this and other issues for RedHat Linux 7.3, 9 and for Fedora Core 1 and Core 2. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
Netscape Browser 8.0 has been released to address various security issues. Please see the vendor advisory in Web references for more information.
Mozilla Firefox 1.0
Netscape Netscape 7.0
Netscape Netscape 7.1
Netscape Netscape 7.2
Solution:
Mozilla has released version 1.0.1 of Firefox to address this, and other issues:
SGI has released an advisory 20050501-01-U including updated SGI ProPack 3 Service Pack 5 packages to address this BID and other issues. Please see the referenced advisory for more information.
Red Hat has released advisory RHSA-2005:384-11 and fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
RedHat Fedora Linux has made an advisory available dealing with this issue in their Core 3 distribution. Please see the reference section for more information.
Gentoo has released an advisory (GLSA 200503-10) and updated eBuilds to address this vulnerability. Gentoo users that are running the affected software may apply the update by issuing the following sequence of commands as a superuser:
For Firefox users:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-1.0.1"
For Firefox binary users:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-bin-1.0.1"
SuSE Linux has released advisory SUSE-SA:2005:016 along with fixes dealing with this issue. Please see the referenced advisory for more information.
Gentoo has released advisory GLSA 200503-30 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:
Mozilla Suite users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.6"
Mozilla Suite binary users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.6"
RedHat Fedora Legacy has released advisory FLSA:152883 addressing this and other issues for RedHat Linux 7.3, 9 and for Fedora Core 1 and Core 2. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
Netscape Browser 8.0 has been released to address various security issues. Please see the vendor advisory in Web references for more information.
Mozilla Firefox 1.0
-
Mozilla firefox-1.0.1-source.tar.bz2
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.1/source/f irefox-1.0.1-source.tar.bz2 -
SuSE MozillaFirebird-1.0.1-2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/MozillaFirebird-1 .0.1-2.i586.rpm -
SuSE MozillaFirebird-1.0.1-2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/MozillaFirebi rd-1.0.1-2.x86_64.rpm -
SuSE MozillaFirefox-1.0.1-9.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaFirefox-1. 0.1-9.1.i586.rpm -
SuSE MozillaFirefox-1.0.1-9.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/MozillaFirefox-1. 0.1-9.1.i586.rpm -
SuSE MozillaFirefox-1.0.1-9.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/MozillaFirefox- 1.0.1-9.1.x86_64.rpm -
SuSE MozillaFirefox-1.0.1-9.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/MozillaFirefo x-1.0.1-9.1.x86_64.rpm
Netscape Netscape 7.0
-
Netscape Netscape 8.0
http://browser.netscape.com/ns8/download/
Netscape Netscape 7.1
-
Netscape Netscape 8.0
http://browser.netscape.com/ns8/download/
Netscape Netscape 7.2
-
Netscape Netscape 8.0
http://browser.netscape.com/ns8/download/
References
Mozilla Mozilla/Firefox Cross-Domain Tab Window Script Execution Vulnerability
References:
References:
- Firefox Release Notes (Mozilla)
- Mozilla Homepage (Mozilla Foundation)
- RHSA-2005:384-11 - Mozilla security update (Red Hat)
- Security Alerts (Netscape)
- Firetabbing [Firefox 1.0] ("mikx"