Mozilla Firefox Scrollbar Remote Code Execution Vulnerability
BID:12655
Info
Mozilla Firefox Scrollbar Remote Code Execution Vulnerability
| Bugtraq ID: | 12655 |
| Class: | Design Error |
| CVE: |
CVE-2005-0527 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 25 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Michael Krax "mikx" <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
SGI ProPack 3.0 Redhat Linux 9.0 i386 Redhat Linux 7.3 i686 Redhat Linux 7.3 i386 Redhat Linux 7.3 Redhat Fedora Core2 Redhat Fedora Core1 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 Netscape Netscape 7.2 Netscape Netscape 7.1 Netscape Netscape 7.0 Mozilla Firefox 1.0 Mozilla Browser 1.7.5 Mozilla Browser 1.7.4 Mozilla Browser 1.7.3 Mozilla Browser 1.7.2 Mozilla Browser 1.7.1 Mozilla Browser 1.7 Mandriva Linux Mandrake 10.2 x86_64 Mandriva Linux Mandrake 10.2 Mandriva Linux Mandrake 10.1 x86_64 Mandriva Linux Mandrake 10.1 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 HP HP-UX B.11.23 HP HP-UX B.11.22 HP HP-UX B.11.11 HP HP-UX B.11.00 Gentoo Linux |
| Not Vulnerable: |
Netscape Netscape 8.0 Mozilla Firefox 1.0.1 Mozilla Browser 1.7.6 |
Discussion
Mozilla Firefox Scrollbar Remote Code Execution Vulnerability
Reportedly a remote code execution vulnerability affects Mozilla Firefox. This issue is due to a failure of the application to properly restrict the access rights of Web content.
An attacker may leverage this issue to compromise security of the affected browser; by exploiting this issue along with others (BIDs 12465 and 12466) it is possible to execute arbitrary code.
It should be noted that although only version 1.0 is reported vulnerable, other versions may be vulnerable as well.
Reportedly a remote code execution vulnerability affects Mozilla Firefox. This issue is due to a failure of the application to properly restrict the access rights of Web content.
An attacker may leverage this issue to compromise security of the affected browser; by exploiting this issue along with others (BIDs 12465 and 12466) it is possible to execute arbitrary code.
It should be noted that although only version 1.0 is reported vulnerable, other versions may be vulnerable as well.
Exploit / POC
Mozilla Firefox Scrollbar Remote Code Execution Vulnerability
The following proof of concept has been made available. It should be noted that the proof of concept and the website that it is hosted on have not been verified by Symantec:
http://www.mikx.de/firescrolling/
The following proof of concept has been made available. It should be noted that the proof of concept and the website that it is hosted on have not been verified by Symantec:
http://www.mikx.de/firescrolling/
Solution / Fix
Mozilla Firefox Scrollbar Remote Code Execution Vulnerability
Solution:
The vendor has relased Firefox version 1.0.1 dealing with this issue. Mozilla has reported that a pending release of Mozilla Suite 1.7.6 will be released dealing with these issues in the near future. This BID will be updated upon release.
SGI has released an advisory 20050501-01-U including updated SGI ProPack 3 Service Pack 5 packages to address this BID and other issues. Please see the referenced advisory for more information.
Red Hat has released advisory RHSA-2005:384-11 and fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
RedHat Fedora Linux has made an advisory available dealing with this issue in their Core 3 distribution. Please see the reference section for more information.
Gentoo has released an advisory (GLSA 200503-10) and updated eBuilds to address this vulnerability. Gentoo users that are running the affected software may apply the update by issuing the following sequence of commands as a superuser:
For Firefox users:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-1.0.1"
For Firefox binary users:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-bin-1.0.1"
Gentoo has released advisory GLSA 200503-30 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:
Mozilla Suite users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.6"
Mozilla Suite binary users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.6"
Mandriva has released advisory MDKSA-2005:088 and fixes to address this issue. Please see the referenced advisory for links to fixed packages.
Mandriva has released an updated advisory MDKSA-2005:088-1 and updated fixes to address a bug in the initial release of the fixes. Please see the referenced advisory for links to fixed packages.
RedHat Fedora Legacy has released advisory FLSA:152883 addressing this and other issues for RedHat Linux 7.3, 9 and for Fedora Core 1 and Core 2. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
Netscape Browser 8.0 has been released to address various security issues. Please see the vendor advisory in Web references for more information.
HP advisory HPSBUX01133 (SSRT5940 rev.1 - HP-UX Mozilla remote, unauthorized user may execute privileged code) is available to address various issues affecting Mozilla. Please see the referenced advisory for more information.
Mozilla Firefox 1.0
Mozilla Browser 1.7
Mozilla Browser 1.7.1
Mozilla Browser 1.7.2
Mozilla Browser 1.7.3
Mozilla Browser 1.7.4
Mozilla Browser 1.7.5
Netscape Netscape 7.0
Netscape Netscape 7.1
Netscape Netscape 7.2
Solution:
The vendor has relased Firefox version 1.0.1 dealing with this issue. Mozilla has reported that a pending release of Mozilla Suite 1.7.6 will be released dealing with these issues in the near future. This BID will be updated upon release.
SGI has released an advisory 20050501-01-U including updated SGI ProPack 3 Service Pack 5 packages to address this BID and other issues. Please see the referenced advisory for more information.
Red Hat has released advisory RHSA-2005:384-11 and fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
RedHat Fedora Linux has made an advisory available dealing with this issue in their Core 3 distribution. Please see the reference section for more information.
Gentoo has released an advisory (GLSA 200503-10) and updated eBuilds to address this vulnerability. Gentoo users that are running the affected software may apply the update by issuing the following sequence of commands as a superuser:
For Firefox users:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-1.0.1"
For Firefox binary users:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-bin-1.0.1"
Gentoo has released advisory GLSA 200503-30 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:
Mozilla Suite users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.6"
Mozilla Suite binary users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.6"
Mandriva has released advisory MDKSA-2005:088 and fixes to address this issue. Please see the referenced advisory for links to fixed packages.
Mandriva has released an updated advisory MDKSA-2005:088-1 and updated fixes to address a bug in the initial release of the fixes. Please see the referenced advisory for links to fixed packages.
RedHat Fedora Legacy has released advisory FLSA:152883 addressing this and other issues for RedHat Linux 7.3, 9 and for Fedora Core 1 and Core 2. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
Netscape Browser 8.0 has been released to address various security issues. Please see the vendor advisory in Web references for more information.
HP advisory HPSBUX01133 (SSRT5940 rev.1 - HP-UX Mozilla remote, unauthorized user may execute privileged code) is available to address various issues affecting Mozilla. Please see the referenced advisory for more information.
Mozilla Firefox 1.0
-
Mozilla Firefox 1.0.1
http://www.mozilla.org/products/firefox/
Mozilla Browser 1.7
-
Mozilla Browser Suite 1.x
http://www.mozilla.org/products/mozilla1.x/
Mozilla Browser 1.7.1
-
Mozilla Browser Suite 1.x
http://www.mozilla.org/products/mozilla1.x/
Mozilla Browser 1.7.2
-
Mozilla Browser Suite 1.x
http://www.mozilla.org/products/mozilla1.x/
Mozilla Browser 1.7.3
-
Mozilla Browser Suite 1.x
http://www.mozilla.org/products/mozilla1.x/
Mozilla Browser 1.7.4
-
Mozilla Browser Suite 1.x
http://www.mozilla.org/products/mozilla1.x/
Mozilla Browser 1.7.5
-
Mozilla Browser Suite 1.x
http://www.mozilla.org/products/mozilla1.x/
Netscape Netscape 7.0
-
Netscape Netscape 8.0
http://browser.netscape.com/ns8/download/
Netscape Netscape 7.1
-
Netscape Netscape 8.0
http://browser.netscape.com/ns8/download/
Netscape Netscape 7.2
-
Netscape Netscape 8.0
http://browser.netscape.com/ns8/download/
References
Mozilla Firefox Scrollbar Remote Code Execution Vulnerability
References:
References:
- Firefox Release Notes (Mozilla)
- MFSA 2005-27: Plugins can be used to load privileged content (Mozilla)
- RHSA-2005:384-11 - Mozilla security update (Red Hat)
- Security Alerts (Netscape)
- Firescrolling [Firefox 1.0] ("mikx"