Mozilla Firefox Action Prompt Delay Security Mechanism Bypass Vulnerability
BID:24293
Info
Mozilla Firefox Action Prompt Delay Security Mechanism Bypass Vulnerability
| Bugtraq ID: | 24293 |
| Class: | Design Error |
| CVE: |
CVE-2008-0591 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 04 2007 12:00AM |
| Updated: | Jun 10 2008 09:12PM |
| Credit: | Michal Zalewski reported this issue. |
| Vulnerable: |
Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux wizpy 0 Turbolinux Turbolinux Server 11 x64 Turbolinux Turbolinux Server 11 Turbolinux Turbolinux FUJI SuSE SUSE Linux Enterprise Server 10 SP1 SuSE SUSE Linux Enterprise SDK 10.SP1 SuSE SUSE Linux Enterprise Desktop 10 SP1 Sun Solaris 10_x86 Sun Solaris 10 Slackware Linux 10.2 Slackware Linux 12.0 Slackware Linux 11.0 Slackware Linux -current S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.1 rPath rPath Linux 1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux Optional Productivity Application 5 server RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux AS 4 Red Hat Enterprise Linux AS 3 Red Hat Enterprise Linux AS 2.1 IA64 Red Hat Enterprise Linux AS 2.1 Red Hat Enterprise Linux 5 Server Netscape Navigator 9.0 1 Netscape Navigator 9.0.0.5 Netscape Navigator 9.0.0.4 Netscape Navigator 9.0.0.3 Netscape Navigator 9.0.0.2 Netscape Navigator 9.0 Mozilla Thunderbird 2.0 .8 Mozilla Thunderbird 2.0 .6 Mozilla Thunderbird 2.0 .5 Mozilla Thunderbird 2.0 .4 Mozilla Thunderbird 1.5 beta 2 Mozilla Thunderbird 1.5 .9 Mozilla Thunderbird 1.5 .13 Mozilla Thunderbird 1.5 Mozilla Thunderbird 1.0.8 Mozilla Thunderbird 1.0.7 Mozilla Thunderbird 1.0.6 Mozilla Thunderbird 1.0.5 Mozilla Thunderbird 1.0.2 Mozilla Thunderbird 1.0.1 Mozilla Thunderbird 1.0 Mozilla Thunderbird 0.9 Mozilla Thunderbird 0.8 Mozilla Thunderbird 0.7.3 Mozilla Thunderbird 0.7.2 Mozilla Thunderbird 0.7.1 Mozilla Thunderbird 0.7 Mozilla Thunderbird 0.6 Mozilla Thunderbird 1.5.0.8 Mozilla Thunderbird 1.5.0.7 Mozilla Thunderbird 1.5.0.5 Mozilla Thunderbird 1.5.0.4 Mozilla Thunderbird 1.5.0.2 Mozilla Thunderbird 1.5.0.14 Mozilla Thunderbird 1.5.0.12 Mozilla Thunderbird 1.5.0.10 Mozilla Thunderbird 1.5.0.1 Mozilla SeaMonkey 1.1.7 Mozilla SeaMonkey 1.1.6 Mozilla SeaMonkey 1.1.5 Mozilla SeaMonkey 1.1.4 Mozilla SeaMonkey 1.1.3 Mozilla SeaMonkey 1.1.2 Mozilla SeaMonkey 1.1.1 Mozilla SeaMonkey 1.0.99 Mozilla SeaMonkey 1.0.9 Mozilla SeaMonkey 1.0.8 Mozilla SeaMonkey 1.0.7 Mozilla SeaMonkey 1.0.6 Mozilla SeaMonkey 1.0.5 Mozilla SeaMonkey 1.0.3 Mozilla SeaMonkey 1.0.2 Mozilla SeaMonkey 1.0.1 Mozilla SeaMonkey 1.1 beta Mozilla SeaMonkey 1.0 dev Mozilla SeaMonkey 1.0 Mozilla Firefox 2.0 .9 Mozilla Firefox 2.0 .8 Mozilla Firefox 2.0 .7 Mozilla Firefox 2.0 .6 Mozilla Firefox 2.0 .5 Mozilla Firefox 2.0 .4 Mozilla Firefox 2.0 .3 Mozilla Firefox 2.0 .10 Mozilla Firefox 2.0 .1 Mozilla Firefox 1.5 beta 2 Mozilla Firefox 1.5 beta 1 Mozilla Firefox 1.5 12 Mozilla Firefox 1.5 .8 Mozilla Firefox 1.5 .6 Mozilla Firefox 1.5 Mozilla Firefox 1.0.8 Mozilla Firefox 1.0.7 Mozilla Firefox 1.0.6 Mozilla Firefox 1.0.5 Mozilla Firefox 1.0.5 Mozilla Firefox 1.0.4 Mozilla Firefox 1.0.3 Mozilla Firefox 1.0.2 Mozilla Firefox 1.0.1 Mozilla Firefox 1.0 Mozilla Firefox 0.10.1 Mozilla Firefox 0.10 Mozilla Firefox 0.9.3 Mozilla Firefox 0.9.2 Mozilla Firefox 0.9.1 Mozilla Firefox 0.9 rc Mozilla Firefox 0.9 Mozilla Firefox 0.8 Mozilla Firefox 2.0.0.3 Mozilla Firefox 2.0.0.2 Mozilla Firefox 2.0.0.11 Mozilla Firefox 2.0.0.10 Mozilla Firefox 2.0.0.10 Mozilla Firefox 2.0 RC3 Mozilla Firefox 2.0 RC2 Mozilla Firefox 2.0 beta 1 Mozilla Firefox 2.0 Mozilla Firefox 1.5.0.9 Mozilla Firefox 1.5.0.8 Mozilla Firefox 1.5.0.7 Mozilla Firefox 1.5.0.6 Mozilla Firefox 1.5.0.5 Mozilla Firefox 1.5.0.4 Mozilla Firefox 1.5.0.3 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.11 Mozilla Firefox 1.5.0.10 Mozilla Firefox 1.5.0.1 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Iceape Internet Suite Iceape Internet Suite 1.0.12 Gentoo Linux Foresight Linux Foresight Linux 1.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Avaya Messaging Storage Server 3.1 SP1 Avaya Message Networking MN 3.1 Avaya Message Networking 3.1 Avaya Message Networking Avaya Intuity AUDIX LX 2.0 |
| Not Vulnerable: |
Netscape Navigator 9.0.0.6 Mozilla Thunderbird 2.0 .12 Mozilla SeaMonkey 1.1.8 Mozilla Firefox 2.0.0.12 |
Discussion
Mozilla Firefox Action Prompt Delay Security Mechanism Bypass Vulnerability
Mozilla Firefox is prone to a security-mechanism-bypass vulnerability because it fails to adequately prevent action prompt options from being selected before a delay timer has finished counting down.
Attackers can exploit this issue to initiate downloads or run files on a user's computer without their knowledge or consent. Successful attacks can allow arbitrary code to run with the privileges of the user running the application.
This issue is reportedly being tracked by Bugzilla Bug 376473.
Firefox 2.0.0.11 and prior versions are vulnerable.
Mozilla Firefox is prone to a security-mechanism-bypass vulnerability because it fails to adequately prevent action prompt options from being selected before a delay timer has finished counting down.
Attackers can exploit this issue to initiate downloads or run files on a user's computer without their knowledge or consent. Successful attacks can allow arbitrary code to run with the privileges of the user running the application.
This issue is reportedly being tracked by Bugzilla Bug 376473.
Firefox 2.0.0.11 and prior versions are vulnerable.
Exploit / POC
Mozilla Firefox Action Prompt Delay Security Mechanism Bypass Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to visit a maliciously crafted webpage.
A proof-of-concept webpage has been created to demonstrate this issue. Please see the references for more information.
To exploit this issue, an attacker must entice an unsuspecting user to visit a maliciously crafted webpage.
A proof-of-concept webpage has been created to demonstrate this issue. Please see the references for more information.
Solution / Fix
Mozilla Firefox Action Prompt Delay Security Mechanism Bypass Vulnerability
Solution:
The vendor released Firefox 2.0.0.12 to address this issue. Please see the references for more information.
Netscape Navigator 9.0.0.4
Netscape Navigator 9.0.0.2
Solution:
The vendor released Firefox 2.0.0.12 to address this issue. Please see the references for more information.
Netscape Navigator 9.0.0.4
-
Netscape Netscape Navigator 9.0.0.6
http://browser.netscape.com/downloads
Netscape Navigator 9.0.0.2
-
Netscape Netscape Navigator 9.0.0.6
http://browser.netscape.com/downloads
References
Mozilla Firefox Action Prompt Delay Security Mechanism Bypass Vulnerability
References:
References:
- Bug 376473 (Mozilla)
- Fixed in Firefox 2.0.0.12 (Mozilla Foundation)
- Proof-of-concept webpage (Michal Zalewski)
- Vendor Homepage (Mozilla Foundation)
- What's New in Netscape Navigator 9.0.0.6 (Netscape)
- Assorted browser vulnerabilities (Michal Zalewski)
- ASA-2008-059: firefox security update (RHSA-2008-0103) (Avaya)
- MFSA 2008-08: File action dialog tampering (Mozilla Foundation)
- RHSA-2008:0103-7 Critical: firefox security update (Red Hat)
- RHSA-2008:0104-4 Critical: seamonkey security update (Red Hat)
- RHSA-2008:0105-4 thunderbird security update (Red Hat)
- Security update for epiphany (Novell)
- Solution 238492 : Multiple Security Vulnerabilities in Solaris 10 Firefox may (Sun)