From: SecuriTeam <support@securiteam.com.>
To: [email protected]
Date: 27 Apr 2006 14:01:38 +0200
Subject: [NEWS] Mozilla Firefox Tag Parsing Code Execution Vulnerability
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20060427132433.E25A957AF@mail.tyumen.ru.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Mozilla Firefox Tag Parsing Code Execution Vulnerability
------------------------------------------------------------------------
SUMMARY
<http://www.mozilla.com/firefox/>; Mozilla Firefox is "a free, open
source, cross-platform, graphical web browser developed by the Mozilla
Corporation and hundreds of volunteers".
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of the Mozilla/Firefox web browser and
Thunderbird e-mail client. User interaction is required to exploit this
vulnerability in that the target must visit a malicious page or open a
malicious e-mail.
DETAILS
Vulnerable Systems:
* Firefox versions 1.0 - 1.0.7
* Thunderbird versions 1.5 - 1.5.0.1
* Thunderbird versions 1.0 - 1.0.7
* SeaMonkey version 1.0
* Mozilla Suite versions 1.7 - 1.7.12
The specific flaw exists within nsHTMLContentSink.cpp, during the parsing
of HTML tags as they appear in a specific order. The flaw results in a
memory corruption that leads to an attacker controlled function pointer
dereference from the stack and eventually execution of arbitrary code.
Vendor Response:
Mozilla has issued an update to correct this vulnerability. Further
details are available at:
<http://www.mozilla.org/security/announce/2006/mfsa2006-18.html>;
http://www.mozilla.org/security/announce/2006/mfsa2006-18.html
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749>;
CVE-2006-0749
Disclosure Timeline:
2005.12.13 - Vulnerability reported to vendor
2005.12.13 - Digital Vaccine released to TippingPoint customers
2006.04.14 - Coordinated public release of advisory
ADDITIONAL INFORMATION
The information has been provided by ZDI.
The original article can be found at:
<http://www.zerodayinitiative.com/advisories/ZDI-06-009.html>;
http://www.zerodayinitiative.com/advisories/ZDI-06-009.html
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: [email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
