New Firefox release does not fix Password Manager hole
Written by Editor   
Friday, 22 December 2006 11:37

This week the Firefox dev team pushed out a new Firefox 2.0 release that addresses a whole bunch of security issues. The release was pushed out silently before the included fixes were announced, which would explain why many people didn't notice it happen. It seems, however, that they left out a fix for the Password Manager issues that have been kicking about since August.

First, let's cover what they fixed: nine main issues are addressed. These include layout and JavaScript engine errors that could be exploited to cause memory corruption and execution of arbitrary code, and an error in the handling of the 'src' attribute of IMG elements that are loaded in a frame, which can be exploited to change the attribute to a javascript: URI. This can be used to execute arbitrary HTML and script code in a cross-site scripting attack.

Interestingly, the issue associated with the 'src' attribute of the IMG element is in Bugzilla here, but it is locked and no one is allowed to view the details. However, from what information is available, it seems that the img.src attribute can be changed to a javascript: URI when the image is used in an iframe, bypassing the internal XSS filters of Firefox.

You can find out more about all the issues addressed in this Firefox release here at Secunia.

The one thing missing from this release is a fix for the problems in the Firefox Password Manager. The issues relate to improper handling of form input when the password input element is used. It seems that Firefox does not properly verify the ACTION URL in a form element to ensure it matches the web site for which the user stored a password in the Password Manager. As a result, an attacker can exploit the issue to steal password information. The issues were originally discussed back in August on the ha.ckers blog here and are detailed in Bugzilla here, as well as in CVE reference CVE-2006-6077.
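The missing check described above, sketched as an added example (this is not Firefox's code or its eventual fix): autofill is refused unless both the page origin and the form's resolved ACTION origin match what was recorded when the login was saved. The function names, the saved-login record shape and the example.test hosts are assumptions made for illustration.

```javascript
// Added example: hypothetical autofill gate, not Firefox's implementation.
// Assumed record shape: the origin of the page where the login was saved and
// the origin the login form submitted to at that time.
const SAVED_LOGIN = { // constructed sample data
  pageOrigin: 'https://forum.example.test',
  submitOrigin: 'https://forum.example.test',
};

// Resolve a possibly relative URL against a base and return its origin.
// Returns null for unparseable URLs and for non-http(s) schemes such as
// javascript: or data:, which have no origin a password should be sent to.
function originOf(url, base) {
  try {
    const u = new URL(url, base);
    if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
    return u.origin;
  } catch (e) {
    return null;
  }
}

// Decide whether a saved login may be filled into a form found on pageUrl
// whose action attribute is formAction ('' means "submit to the page itself").
function shouldAutofill(saved, pageUrl, formAction) {
  const pageOrigin = originOf(pageUrl);
  if (pageOrigin === null || pageOrigin !== saved.pageOrigin) {
    return { fill: false, reason: 'page origin does not match saved login' };
  }
  // Relative and empty actions resolve against the page URL, as in a browser.
  const actionOrigin = originOf(formAction, pageUrl);
  if (actionOrigin === null) {
    return { fill: false, reason: 'form action is not an http(s) URL' };
  }
  if (actionOrigin !== saved.submitOrigin) {
    return { fill: false, reason: 'form action origin differs from saved one' };
  }
  return { fill: true, reason: 'page and action origins match' };
}
```

Comparing origins rather than host names also rejects a form that would submit the password over http when it was saved over https.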

Last Updated ( Friday, 22 December 2006 11:39 )