[275] in Security FYI
[Security-fyi] None
daemon@ATHENA.MIT.EDU (Linda A Le Blanc)
Tue May 3 16:51:00 2005
Message-ID: <1115152792.4277e1987403c@webmail.mit.edu>
Date: Tue, 3 May 2005 16:39:52 -0400
From: Linda A Le Blanc <leblancl@MIT.EDU>
To: security-fyi@MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
cc: firefox@MIT.EDU
cc: advisory@MIT.EDU
cc: mozilla@MIT.EDU
cc: for@MIT.EDU
cc: security@MIT.EDU
Errors-To: security-fyi-bounces@MIT.EDU
Greetings,
Please be aware of the following security threat concerning Mozilla
Firefox version 1.0.2 and earlier, and see below for further details:
=============================================================
Date: April 16, 2005
Advisory: http://www.mozilla.org/security/announce/mfsa2005-33.html
Affected: Firefox 1.0.2 (and probably lower)
Impact: All platforms using Firefox -- Moderately Critical
Action to Take: Update to Firefox 1.0.3
=============================================================
This download is available at http://www.mozilla.org/ where you can
select the OS you use. We strongly encourage you to use Mozilla
Firefox as your default browser to reduce the exposure of Internet
Explorer vulnerabilities. This does not mean that IE cannot be used in
instances where there are specific requirements for proprietary IE
functions or features.
Getting Help:
-------------
If you have a question or need assistance, please contact the Computing
Help Desk at computing-help@mit.edu or x3-1101.
Further Details on the Exploit:
--------------
A bug in JavaScript's regular expression string replacement, triggered
when an anonymous function is used as the replacement argument, allows
a malicious script to capture blocks of memory allocated to the
browser. A web site could capture data and transmit it to a server
without user interaction or knowledge.
The attacker cannot control what will be captured, but the data
returned sometimes contains bits of websites the user has recently
visited and their addresses. The data could be sifted to find the
occasional valuable bits of information.
Fixed in Firefox 1.0.3:
------------------------------
MFSA 2005-33 Javascript "lambda" replace exposes memory contents
MFSA 2005-34 javascript: PLUGINSPAGE code execution
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege
context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides
Known Issues:
-------------
There are no known issues for this version of Firebird 1.0.3.
How to Obtain:
--------------
This download is available at http://www.mozilla.org/ where you can
select the OS you use. We strongly encourage you to use Mozilla
Firebird as your default browser to reduce the exposure of Internet
Explorer vulnerabilities. This does not mean that IE cannot be used in
instances where there are specific requirements for proprietary IE
functions or features.
--
Linda LeBlanc
I/T Security security@mit.edu
Information Services and Technology
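
Added example (not part of the original advisory): one way to find clients that still need the update to Firefox 1.0.3 is to scan web or proxy access logs for Firefox User-Agent strings older than the fixed release. The log lines, addresses and function names below are constructed for illustration, and the combined log format is an assumption.

```python
import re

FIXED = (1, 0, 3)  # first fixed release named in the advisory

# Assumption: combined log format, where the User-Agent is the last quoted field.
UA_FIELD = re.compile(r'"(?P<ua>[^"]*)"\s*$')
FIREFOX = re.compile(r'\bFirefox/(?P<ver>\d+(?:\.\d+)*)')

def parse_version(text):
    """'1.0' -> (1, 0, 0); short versions are padded so tuples compare correctly."""
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts)

def firefox_version(user_agent):
    """Return the Firefox version tuple, or None for any other browser."""
    m = FIREFOX.search(user_agent)
    return parse_version(m.group("ver")) if m else None

def needs_update(user_agent):
    ver = firefox_version(user_agent)
    return ver is not None and ver < FIXED

def audit(log_lines):
    """Map client address -> Firefox version string for clients older than FIXED."""
    flagged = {}
    for line in log_lines:
        m = UA_FIELD.search(line)
        if not m:
            continue  # malformed line or no User-Agent field
        ua = m.group("ua")
        if needs_update(ua):
            client = line.split(" ", 1)[0]
            flagged[client] = FIREFOX.search(ua).group("ver")
    return flagged

# Constructed sample input (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/May/2005:16:40:01 -0400] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2"',
    '192.0.2.11 - - [03/May/2005:16:40:07 -0400] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0"',
    '192.0.2.12 - - [03/May/2005:16:41:12 -0400] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3"',
    '192.0.2.13 - - [03/May/2005:16:42:30 -0400] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
]

if __name__ == "__main__":
    for client, ver in sorted(audit(SAMPLE_LOG).items()):
        print(f"{client} is running Firefox {ver}; update to 1.0.3")
```

User-Agent strings can be altered by the client, so treat the result as a starting list for follow-up rather than a complete inventory.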