Mozilla Suite And Firefox Document Object Model Nodes Code Execution Vulnerability

Bugtraq ID:	13233
Class:	Access Validation Error
CVE:	CVE-2005-1160
Remote:	Yes
Local:	No
Published:	Apr 16 2005 12:00AM
Updated:	Feb 22 2007 04:46PM
Credit:	moz_bug_r_a4 is credited with the discovery of this issue. Juha-Matti Laurio reported that this issue also affects Netscape.
Vulnerable:	Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 SuSE SUSE Linux Enterprise Server 8 + Linux kernel 2.4.21 + Linux kernel 2.4.19 SuSE Linux Enterprise Server 9 SuSE Linux Desktop 1.0 SGI ProPack 3.0 SCO Unixware 7.1.4 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Redhat Linux 9.0 i386 Redhat Linux 7.3 i686 Redhat Linux 7.3 i386 Redhat Linux 7.3 Redhat Fedora Core4 Redhat Fedora Core3 Redhat Fedora Core2 Redhat Fedora Core1 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 Netscape Netscape 7.2 Netscape Netscape 7.1 Netscape Netscape 7.0 Netscape Navigator 7.2 Netscape Navigator 7.1 Netscape Navigator 7.0.2 Netscape Navigator 7.0 Mozilla Firefox 1.0.2 + Mandriva Linux Mandrake 10.2 x86_64 + Mandriva Linux Mandrake 10.2 + Mandriva Linux Mandrake 10.2 + Redhat Desktop 4.0 + Redhat Desktop 4.0 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux WS 4 + Redhat Enterprise Linux WS 4 Mozilla Firefox 1.0.1 + Redhat Fedora Core3 Mozilla Firefox 1.0 + Gentoo Linux + Gentoo Linux + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + S.u.S.E. Linux Personal 9.2 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + S.u.S.E. Linux Personal 9.0 + Slackware Linux 10.1 + Slackware Linux 10.0 + Slackware Linux 10.0 + Slackware Linux 9.1 + Slackware Linux 9.1 + Slackware Linux -current + Slackware Linux -current Mozilla Firefox 0.10.1 Mozilla Firefox 0.10 Mozilla Firefox 0.9.3 Mozilla Firefox 0.9.2 Mozilla Firefox 0.9.1 Mozilla Firefox 0.9 rc Mozilla Firefox 0.9 Mozilla Firefox 0.8 Mozilla Browser 1.7.6 + HP HP-UX B.11.23 + HP HP-UX B.11.23 + HP HP-UX B.11.22 + HP HP-UX B.11.22 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.00 + HP HP-UX B.11.00 + Redhat Desktop 4.0 + Redhat Desktop 4.0 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux WS 4 + Redhat Enterprise Linux WS 4 + Turbolinux Home + Turbolinux Home + Turbolinux Turbolinux 10 F... + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Server 10.0 + Turbolinux Turbolinux Server 10.0 Mozilla Browser 1.7.5 + HP Tru64 5.1 B-2 PK4 (BL25) + HP Tru64 5.1 B-2 PK4 + HP Tru64 5.1 B-2 PK4 + HP Tru64 5.1 B PK4 + HP Tru64 5.1 B PK4 + HP Tru64 5.1 A PK6 (BL24) + HP Tru64 5.1 A PK6 (BL24) + HP Tru64 5.1 A PK6 + HP Tru64 5.1 A PK6 Mozilla Browser 1.7.4 Mozilla Browser 1.7.3 + HP HP-UX B.11.23 + HP HP-UX B.11.22 + HP HP-UX B.11.22 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.00 + HP HP-UX B.11.00 + HP Tru64 5.1 B-2 PK4 (BL25) + HP Tru64 5.1 B-2 PK4 (BL25) + HP Tru64 5.1 B-2 PK4 + HP Tru64 5.1 B-2 PK4 + HP Tru64 5.1 B PK4 + HP Tru64 5.1 B PK4 + HP Tru64 5.1 A PK6 (BL24) + HP Tru64 5.1 A PK6 (BL24) + HP Tru64 5.1 A PK6 + HP Tru64 5.1 A PK6 Mozilla Browser 1.7.2 Mozilla Browser 1.7.1 Mozilla Browser 1.7 rc3 Mozilla Browser 1.7 rc2 Mozilla Browser 1.7 rc1 Mozilla Browser 1.7 beta Mozilla Browser 1.7 alpha Mozilla Browser 1.7 Mandriva Linux Mandrake 10.2 x86_64 Mandriva Linux Mandrake 10.2 Mandriva Linux Mandrake 10.1 x86_64 Mandriva Linux Mandrake 10.1 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 HP HP-UX B.11.23 HP HP-UX B.11.22 HP HP-UX B.11.11 HP HP-UX B.11.00 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1
Not Vulnerable:	Netscape Netscape 8.0 Mozilla Firefox 1.0.3 + Gentoo Linux Mozilla Browser 1.7.7 + Redhat Desktop 4.0 + Redhat Desktop 4.0 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux WS 4 + Redhat Enterprise Linux WS 4 + Turbolinux Home + Turbolinux Home + Turbolinux Turbolinux 10 F... + Turbolinux Turbolinux 10 F... + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Server 10.0

Mozilla Suite And Firefox Document Object Model Nodes Code Execution Vulnerability

Mozilla Suite and Mozilla Firefox are affected by a code-execution vulnerability. This issue is due to a failure in the application to properly verify Document Object Model (DOM) property values.

An attacker may leverage this issue to execute arbitrary code with the privileges of the user that activated the vulnerable browser, ultimately facilitating a compromise of the affected computer.

Note that this issue was previously reported in BID 13208 (Mozilla Suite Multiple Code Execution, Cross-Site Scripting, And Policy Bypass Vulnerabilities); it has been assigned its own BID.

Mozilla Suite And Firefox Document Object Model Nodes Code Execution Vulnerability


Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Mozilla Suite And Firefox Document Object Model Nodes Code Execution Vulnerability

Solution:
Mozilla has released an advisory along with upgrades dealing with this issue.

Please see the referenced advisories for further information.


Mozilla Firefox 0.10

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.8

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9.1

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9.2

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9.3

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 1.0

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 1.0.1

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 1.0.2

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Browser 1.7 rc1

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7 rc2

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7 alpha

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7 beta

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7.1

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7.2

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7.3

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7.4

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7.5

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7.6

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

S.u.S.E. Linux Professional 10.0

• SuSE MozillaFirefox-1.0.8-0.2.ppc.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/MozillaFirefox-1. 0.8-0.2.ppc.rpm


• SuSE MozillaThunderbird-1.0.8-0.2.i586.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaThunderbi rd-1.0.8-0.2.i586.rpm


• SuSE MozillaThunderbird-1.0.8-0.2.x86_64.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/MozillaThunder bird-1.0.8-0.2.x86_64.rpm

Netscape Netscape 7.0

• Netscape Netscape 8.0
  http://browser.netscape.com/ns8/download/

Netscape Netscape 7.1

• Netscape Netscape 8.0
  http://browser.netscape.com/ns8/download/

Netscape Netscape 7.2

• Netscape Netscape 8.0
  http://browser.netscape.com/ns8/download/

S.u.S.E. Linux Professional 9.1 x86_64

• SuSE MozillaFirefox-1.0.3-0.5.x86_64.rpm
  SUSE Linux 9.1:
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/MozillaFirefo x-1.0.3-0.5.x86_64.rpm

S.u.S.E. Linux Professional 9.1

• SuSE MozillaFirefox-1.0.3-0.5.i586.rpm
  SUSE Linux 9.1:
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaFirefox-1. 0.3-0.5.i586.rpm


• SuSE MozillaThunderbird-1.0.8-0.1.i586.rpm
  SUSE LINUX 9.1:
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaThunderbir d-1.0.8-0.1.i586.rpm


• SuSE MozillaThunderbird-1.0.8-0.1.x86_64.rpm
  SUSE LINUX 9.1:
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/MozillaThunde rbird-1.0.8-0.1.x86_64.rpm

S.u.S.E. Linux Professional 9.2 x86_64

• SuSE mozilla-1.7.2-17.9.x86_64.rpm
  SUSE Linux 9.2:
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-1.7.2-1 7.9.x86_64.rpm


• SuSE mozilla-calendar-1.7.2-17.9.x86_64.rpm
  SUSE Linux 9.2:
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-calenda r-1.7.2-17.9.x86_64.rpm


• SuSE mozilla-devel-1.7.2-17.9.x86_64.rpm
  SUSE Linux 9.2:
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-devel-1 .7.2-17.9.x86_64.rpm


• SuSE mozilla-dom-inspector-1.7.2-17.9.x86_64.rpm
  SUSE Linux 9.2:
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-dom-ins pector-1.7.2-17.9.x86_64.rpm


• SuSE mozilla-irc-1.7.2-17.9.x86_64.rpm
  SUSE Linux 9.2:
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-irc-1.7 .2-17.9.x86_64.rpm


• SuSE mozilla-mail-1.7.2-17.9.x86_64.rpm
  SUSE Linux 9.2:
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-mail-1. 7.2-17.9.x86_64.rpm


• SuSE mozilla-spellchecker-1.7.2-17.9.x86_64.rpm
  SUSE Linux 9.2:
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-spellch ecker-1.7.2-17.9.x86_64.rpm


• SuSE mozilla-venkman-1.7.2-17.9.x86_64.rpm
  SUSE Linux 9.2:
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-venkman -1.7.2-17.9.x86_64.rpm


• SuSE MozillaFirefox-1.0.3-1.1.x86_64.rpm
  SUSE Linux 9.2:
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/MozillaFirefox- 1.0.3-1.1.x86_64.rpm

S.u.S.E. Linux Professional 9.3 x86_64

• SuSE mozilla-1.7.5-17.2.x86_64.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-1.7.5-1 7.2.x86_64.rpm


• SuSE mozilla-calendar-1.7.5-17.2.x86_64.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-calenda r-1.7.5-17.2.x86_64.rpm


• SuSE mozilla-devel-1.7.5-17.2.x86_64.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-devel-1 .7.5-17.2.x86_64.rpm


• SuSE mozilla-dom-inspector-1.7.5-17.2.x86_64.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-dom-ins pector-1.7.5-17.2.x86_64.rpm


• SuSE mozilla-irc-1.7.5-17.2.x86_64.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-irc-1.7 .5-17.2.x86_64.rpm


• SuSE mozilla-mail-1.7.5-17.2.x86_64.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-mail-1. 7.5-17.2.x86_64.rpm


• SuSE mozilla-spellchecker-1.7.5-17.2.x86_64.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-spellch ecker-1.7.5-17.2.x86_64.rpm


• SuSE mozilla-venkman-1.7.5-17.2.x86_64.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-venkman -1.7.5-17.2.x86_64.rpm

S.u.S.E. Linux Professional 9.3

• SuSE mozilla-1.7.5-17.2.i586.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-1.7.5-17. 2.i586.rpm


• SuSE mozilla-32bit-9.3-7.1.x86_64.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-32bit-9 .3-7.1.x86_64.rpm


• SuSE mozilla-calendar-1.7.5-17.2.i586.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-calendar- 1.7.5-17.2.i586.rpm


• SuSE mozilla-devel-1.7.5-17.2.i586.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-devel-1.7 .5-17.2.i586.rpm


• SuSE mozilla-dom-inspector-1.7.5-17.2.i586.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-dom-inspe ctor-1.7.5-17.2.i586.rpm


• SuSE mozilla-irc-1.7.5-17.2.i586.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-irc-1.7.5 -17.2.i586.rpm


• SuSE mozilla-mail-1.7.5-17.2.i586.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-mail-1.7. 5-17.2.i586.rpm


• SuSE mozilla-spellchecker-1.7.5-17.2.i586.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-spellchec ker-1.7.5-17.2.i586.rpm


• SuSE mozilla-venkman-1.7.5-17.2.i586.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-venkman-1 .7.5-17.2.i586.rpm


• SuSE MozillaFirefox-1.0.3-1.1.i586.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-1. 0.3-1.1.i586.rpm


• SuSE MozillaFirefox-translations-1.0.3-1.1.i586.rpm
  SUSE Linux 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-tr anslations-1.0.3-1.1.i586.rpm


• SuSE MozillaThunderbird-1.0.8-0.2.i586.rpm
  SUSE LINUX 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaThunderbir d-1.0.8-0.2.i586.rpm


• SuSE MozillaThunderbird-1.0.8-0.2.x86_64.rpm
  SUSE LINUX 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/MozillaThunderb ird-1.0.8-0.2.x86_64.rpm

Mozilla Suite And Firefox Document Object Model Nodes Code Execution Vulnerability

References:

• Mozilla Firefox Home Page (Mozilla)
  
• Mozilla Foundation Security Advisory 2005-37 - Code execution through javascrip (Mozilla)
  
• Mozilla Foundation Security Advisory 2005-41 - Privilege escalation via DOM prop (Mozilla)
  
• Mozilla Homepage (Mozilla Foundation)
  
• Networksecurity.fi Security Advisory (04-05-2005) (Juha-Matti Laurio)
  
• Networksecurity.fi Security Advisory (29-04-2005) (Juha-Matti Laurio)
  
• RHSA-2005:383-07 - firefox security update (RedHat)
  
• RHSA-2005:384-11 - Mozilla security update (Red Hat)
  
• RHSA-2005:386-08 - Mozilla security update (RedHat)
  
• Security Alerts (Netscape)
  
• Firelinking [Firefox 1.0.2] ("mikx" )