BID:18083

Multiple Browsers Exception Handling Information Disclosure Vulnerability

Info

Multiple Browsers Exception Handling Information Disclosure Vulnerability

Bugtraq ID:	18083
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 23 2006 12:00AM
Updated:	May 24 2006 04:58PM
Credit:	Martin Hassman is credited with the discovery of this vulnerability.
Vulnerable:	Netscape Netscape 8.0.3 .3 Netscape Netscape 8.0.3 .1 Netscape Netscape 8.0.2 Netscape Netscape 8.0.1 Netscape Netscape 8.0 Netscape Netscape 7.2 Netscape Netscape 7.1 Netscape Netscape 7.0 Mozilla Firefox 1.5 beta 2 Mozilla Firefox 1.5 beta 1 Mozilla Firefox 1.5 Mozilla Firefox 1.0.8 Mozilla Firefox 1.0.7 Mozilla Firefox 1.0.6 Mozilla Firefox 1.0.5 Mozilla Firefox 1.0.5 Mozilla Firefox 1.0.4 Mozilla Firefox 1.0.3 + Gentoo Linux Mozilla Firefox 1.0.2 + Mandriva Linux Mandrake 10.2 x86_64 + Mandriva Linux Mandrake 10.2 + Mandriva Linux Mandrake 10.2 + Redhat Desktop 4.0 + Redhat Desktop 4.0 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux WS 4 + Redhat Enterprise Linux WS 4 Mozilla Firefox 1.0.1 + Redhat Fedora Core3 Mozilla Firefox 1.0 + Gentoo Linux + Gentoo Linux + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + S.u.S.E. Linux Personal 9.2 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + S.u.S.E. Linux Personal 9.0 + Slackware Linux 10.1 + Slackware Linux 10.0 + Slackware Linux 10.0 + Slackware Linux 9.1 + Slackware Linux 9.1 + Slackware Linux -current + Slackware Linux -current Mozilla Firefox 0.10.1 Mozilla Firefox 0.10 Mozilla Firefox 0.9.3 Mozilla Firefox 0.9.2 Mozilla Firefox 0.9.1 Mozilla Firefox 0.9 rc Mozilla Firefox 0.9 Mozilla Firefox 0.8 Mozilla Firefox Preview Release Mozilla Firefox 1.5.0.3 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.1 Mozilla Browser 1.7.13 Mozilla Browser 1.7.12 Mozilla Browser 1.7.11 Mozilla Browser 1.7.10 Mozilla Browser 1.7.9 Mozilla Browser 1.7.8 Mozilla Browser 1.7.7 + Redhat Desktop 4.0 + Redhat Desktop 4.0 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux WS 4 + Redhat Enterprise Linux WS 4 + Turbolinux Home + Turbolinux Home + Turbolinux Turbolinux 10 F... + Turbolinux Turbolinux 10 F... + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Server 10.0 Mozilla Browser 1.7.6 + HP HP-UX B.11.23 + HP HP-UX B.11.23 + HP HP-UX B.11.22 + HP HP-UX B.11.22 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.00 + HP HP-UX B.11.00 + Redhat Desktop 4.0 + Redhat Desktop 4.0 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux WS 4 + Redhat Enterprise Linux WS 4 + Turbolinux Home + Turbolinux Home + Turbolinux Turbolinux 10 F... + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Server 10.0 + Turbolinux Turbolinux Server 10.0 Mozilla Browser 1.7.5 + HP Tru64 5.1 B-2 PK4 (BL25) + HP Tru64 5.1 B-2 PK4 + HP Tru64 5.1 B-2 PK4 + HP Tru64 5.1 B PK4 + HP Tru64 5.1 B PK4 + HP Tru64 5.1 A PK6 (BL24) + HP Tru64 5.1 A PK6 (BL24) + HP Tru64 5.1 A PK6 + HP Tru64 5.1 A PK6 Mozilla Browser 1.7.4 Mozilla Browser 1.7.3 + HP HP-UX B.11.23 + HP HP-UX B.11.22 + HP HP-UX B.11.22 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.11 + HP HP-UX B.11.00 + HP HP-UX B.11.00 + HP Tru64 5.1 B-2 PK4 (BL25) + HP Tru64 5.1 B-2 PK4 (BL25) + HP Tru64 5.1 B-2 PK4 + HP Tru64 5.1 B-2 PK4 + HP Tru64 5.1 B PK4 + HP Tru64 5.1 B PK4 + HP Tru64 5.1 A PK6 (BL24) + HP Tru64 5.1 A PK6 (BL24) + HP Tru64 5.1 A PK6 + HP Tru64 5.1 A PK6 Mozilla Browser 1.7.2 Mozilla Browser 1.7.1 Mozilla Browser 1.7 rc3 Mozilla Browser 1.7 rc2 Mozilla Browser 1.7 rc1 Mozilla Browser 1.7 beta Mozilla Browser 1.7 alpha Mozilla Browser 1.7

Not Vulnerable:

Discussion

Multiple Browsers Exception Handling Information Disclosure Vulnerability

Multiple browsers are prone to an information-disclosure vulnerability.

An attacker can exploit this issue to retrieve the installation directory of affected applications and potentially retrieve profile information in certain configurations. Information obtained may aid in further attacks.

Exploit / POC

Multiple Browsers Exception Handling Information Disclosure Vulnerability

This issue may be exploited through malicious web pages.

A malicious page containing a faulty 'window.sidebar.addSearchEngine()' call will trigger this issue in Mozilla and Mozilla Firefox.

Solution / Fix

Multiple Browsers Exception Handling Information Disclosure Vulnerability

Solution:
Mozilla has released a patch to address this issue in affected applications; please see the reference section for further details.

References

Multiple Browsers Exception Handling Information Disclosure Vulnerability

References:

Bugzilla Bug 267645 (Martin Hassman)
Bugzilla Bug 268370 - missing argument when failing to add a search engine (Valentijn Sessink)
Mozilla Firefox Home Page (Mozilla)
Mozilla Homepage (Mozilla Foundation)
Proof of Concept (Mozilla)