BID:13228

Mozilla Firefox PLUGINSPAGE Remote Script Code Execution Vulnerability

Info

Mozilla Firefox PLUGINSPAGE Remote Script Code Execution Vulnerability

Bugtraq ID:	13228
Class:	Access Validation Error
CVE:	CVE-2005-0752
Remote:	Yes
Local:	No
Published:	Apr 16 2005 12:00AM
Updated:	Feb 22 2007 03:16AM
Credit:	Omar Khan and Doron Rosenberg are credited with the discovery of this issue.
Vulnerable:	SuSE SUSE Linux Enterprise Server 8 + Linux kernel 2.4.21 + Linux kernel 2.4.19 SuSE Linux Enterprise Server 9 SuSE Linux Desktop 1.0 SuSE Linux 8.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 Netscape Netscape 7.2 Netscape Netscape 7.1 Netscape Netscape 7.0 Netscape Navigator 7.2 Netscape Navigator 7.1 Netscape Navigator 7.0.2 Netscape Navigator 7.0 Mozilla Firefox 1.0.2 + Mandriva Linux Mandrake 10.2 x86_64 + Mandriva Linux Mandrake 10.2 + Mandriva Linux Mandrake 10.2 + Redhat Desktop 4.0 + Redhat Desktop 4.0 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux WS 4 + Redhat Enterprise Linux WS 4 Mozilla Firefox 1.0.1 + Redhat Fedora Core3 Mozilla Firefox 1.0 + Gentoo Linux + Gentoo Linux + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + S.u.S.E. Linux Personal 9.2 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + S.u.S.E. Linux Personal 9.0 + Slackware Linux 10.1 + Slackware Linux 10.0 + Slackware Linux 10.0 + Slackware Linux 9.1 + Slackware Linux 9.1 + Slackware Linux -current + Slackware Linux -current Mozilla Firefox 0.10.1 Mozilla Firefox 0.10 Mozilla Firefox 0.9.3 Mozilla Firefox 0.9.2 Mozilla Firefox 0.9.1 Mozilla Firefox 0.9 rc Mozilla Firefox 0.9 Mozilla Firefox 0.8 Mozilla Browser 1.7.6 + HP HP-UX B.11.23 + HP HP-UX B.11.23 + HP HP-UX B.11.22 + HP HP-UX B.11.22 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.00 + HP HP-UX B.11.00 + Redhat Desktop 4.0 + Redhat Desktop 4.0 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux WS 4 + Redhat Enterprise Linux WS 4 + Turbolinux Home + Turbolinux Home + Turbolinux Turbolinux 10 F... + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Server 10.0 + Turbolinux Turbolinux Server 10.0 Mozilla Browser 1.7.5 + HP Tru64 5.1 B-2 PK4 (BL25) + HP Tru64 5.1 B-2 PK4 + HP Tru64 5.1 B-2 PK4 + HP Tru64 5.1 B PK4 + HP Tru64 5.1 B PK4 + HP Tru64 5.1 A PK6 (BL24) + HP Tru64 5.1 A PK6 (BL24) + HP Tru64 5.1 A PK6 + HP Tru64 5.1 A PK6 Mozilla Browser 1.7.4 Mozilla Browser 1.7.3 + HP HP-UX B.11.23 + HP HP-UX B.11.22 + HP HP-UX B.11.22 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.00 + HP HP-UX B.11.00 + HP Tru64 5.1 B-2 PK4 (BL25) + HP Tru64 5.1 B-2 PK4 (BL25) + HP Tru64 5.1 B-2 PK4 + HP Tru64 5.1 B-2 PK4 + HP Tru64 5.1 B PK4 + HP Tru64 5.1 B PK4 + HP Tru64 5.1 A PK6 (BL24) + HP Tru64 5.1 A PK6 (BL24) + HP Tru64 5.1 A PK6 + HP Tru64 5.1 A PK6 Mozilla Browser 1.7.2 Mozilla Browser 1.7.1 Mozilla Browser 1.7 rc3 Mozilla Browser 1.7 rc2 Mozilla Browser 1.7 rc1 Mozilla Browser 1.7 beta Mozilla Browser 1.7 alpha Mozilla Browser 1.7 Mandriva Linux Mandrake 10.2 x86_64 Mandriva Linux Mandrake 10.2 Mandriva Linux Mandrake 10.1 x86_64 Mandriva Linux Mandrake 10.1 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0

Not Vulnerable:	Netscape Netscape 8.0 Mozilla Firefox 1.0.3 + Gentoo Linux Mozilla Browser 1.7.7 + Redhat Desktop 4.0 + Redhat Desktop 4.0 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux WS 4 + Redhat Enterprise Linux WS 4 + Turbolinux Home + Turbolinux Home + Turbolinux Turbolinux 10 F... + Turbolinux Turbolinux 10 F... + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Server 10.0

Discussion

Mozilla Firefox PLUGINSPAGE Remote Script Code Execution Vulnerability

A remote code-execution vulnerability affects Mozilla Firefox because the application fails to deny remote unauthorized access to malicious Plugin Finder Service links.

An attacker may be able to exploit this issue to execute arbitrary script code with the privileges of an unsuspecting user that activated the affected browser. This may facilitate the installation and execution of malicious applications, subsequently facilitating unauthorized access.

Note that this issue was previously reported in BID 13208 (Mozilla Suite Multiple Code Execution, Cross-Site Scripting, And Policy Bypass Vulnerabilities); it has been assigned its own BID.

Exploit / POC

Mozilla Firefox PLUGINSPAGE Remote Script Code Execution Vulnerability

No exploit is required to leverage this issue.

Solution / Fix

Mozilla Firefox PLUGINSPAGE Remote Script Code Execution Vulnerability

Solution:
Mozilla has released an advisory along with upgrades dealing with this issue. Please see the references for more information.

Mozilla Firefox 0.10