Mozilla Firefox Javascript URI Remote Code Execution Vulnerability
BID:22826
Info
| Bugtraq ID: | 22826 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-0994 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 05 2007 12:00AM |
| Updated: | Sep 05 2007 03:41PM |
| Credit: | Anbo Motohiko is credited with discovering this vulnerability. |
| Vulnerable: | Turbolinux Turbolinux Server 10.0 x86; Turbolinux Turbolinux Server 10.0; Turbolinux Turbolinux Server 10.0.0 x64; Turbolinux Turbolinux Desktop 10.0; Turbolinux Turbolinux FUJI; Turbolinux Turbolinux 10 F...; TurboLinux Personal; TurboLinux Multimedia; Turbolinux Home; SuSE SUSE Linux Enterprise Server 8; SuSE Linux Enterprise Server 9; SuSE Linux 9.3 x86; SuSE Linux 10.1 x86; SuSE Linux 10.0 x86; Slackware Linux 10.2; Slackware Linux 11.0; S.u.S.E. UnitedLinux 1.0; S.u.S.E. SuSE Linux School Server for i386; S.u.S.E. SUSE LINUX Retail Solution 8.0; S.u.S.E. SuSE Linux Openexchange Server 4.0; S.u.S.E. openSUSE 10.2; S.u.S.E. Open-Enterprise-Server 0; S.u.S.E. Novell Linux POS 9; S.u.S.E. Novell Linux Desktop 9; Redhat Enterprise Linux WS 4; Redhat Enterprise Linux WS 3; Redhat Enterprise Linux WS 2.1 IA64; Redhat Enterprise Linux WS 2.1; Redhat Enterprise Linux ES 4; Redhat Enterprise Linux ES 3; Redhat Enterprise Linux ES 2.1 IA64; Redhat Enterprise Linux ES 2.1; Redhat Enterprise Linux Desktop Workstation 5 client; Redhat Enterprise Linux Desktop 5 client; Redhat Enterprise Linux AS 4; Redhat Enterprise Linux AS 3; Redhat Enterprise Linux AS 2.1 IA64; Redhat Enterprise Linux AS 2.1; Redhat Enterprise Linux 5 Server; Redhat Desktop 4.0; Redhat Desktop 3.0; Redhat Advanced Workstation for the Itanium Processor 2.1 IA64; Redhat Advanced Workstation for the Itanium Processor 2.1; Mozilla SeaMonkey 1.0.7; Mozilla Firefox 2.0 .1; Mozilla Firefox 1.0.4; Mozilla Firefox 1.5.0.9; HP HP-UX B.11.23; HP HP-UX B.11.11; Debian Linux 3.1 sparc; Debian Linux 3.1 s/390; Debian Linux 3.1 ppc; Debian Linux 3.1 mipsel; Debian Linux 3.1 mips; Debian Linux 3.1 m68k; Debian Linux 3.1 ia-64; Debian Linux 3.1 ia-32; Debian Linux 3.1 hppa; Debian Linux 3.1 arm; Debian Linux 3.1 amd64; Debian Linux 3.1 alpha; Debian Linux 3.1 |
| Not Vulnerable: | Mozilla SeaMonkey 1.1.1; Mozilla SeaMonkey 1.0.8; Mozilla Firefox 2.0.0.2; Mozilla Firefox 1.5.0.10 |
Discussion
Mozilla Firefox is prone to a remote code-execution vulnerability due to a design error.
Attackers may exploit this issue by enticing victims into visiting a malicious site.
Successful exploits may allow an attacker to crash the application or execute arbitrary code in the context of the affected application.
Exploit / POC
An attacker may exploit this issue by enticing victims into visiting a malicious site.
Solution / Fix
Solution:
The vendor released fixes to address this issue. Please see the references for more information.
Mozilla Firefox 1.5.0.9
- Mozilla Firefox 1.5.0.10
  http://www.mozilla.com/products/download.html?product=firefox-1.5.0.10&os=win&lang=en-US

Mozilla SeaMonkey 1.0.7
- Mozilla seamonkey-1.1.1.source.tar.gz
  http://releases.mozilla.org/pub/mozilla.org/seamonkey/releases/1.1.1/seamonkey-1.1.1.source.tar.gz

Mozilla Firefox 2.0 .1
- Mozilla Firefox 2.0.0.2
  http://www.mozilla.com/products/download.html?product=firefox-2.0.0.2&os=linux&lang=en-US
References
- Mozilla Homepage (Mozilla Foundation)
- HPSBUX02153 SSRT061181 rev.5 - HP-UX Running Firefox, Remote Unauthorized Access (HP)
- Mozilla Foundation Security Advisory 2007-09 (Mozilla)
- RHSA-2007:0077-6 - seamonkey security update (Red Hat)
- RHSA-2007:0097-5 firefox security update (Red Hat)