32111 : Mozilla Multiple Products HTML Tag Attribute Trailing Character Content Filter Bypass
Printer | http://osvdb.org/32111 | Email This | Edit Vulnerability

Views This Week

Views All Time

680

Info

Last Modified

about 1 year ago

Percent Complete

100%

Disclosure

Feb 23, 2007

Discovery

Oct 27, 2005

Dates

Exploit

Unknown

Solution

Unknown

Keywords

No Keywords

Description

Mozilla Firefox and SeaMonkey parsers improperly ignore invalid trailing characters in HTML tag attribute names. This allows remote attackers to bypass web site content filters that use regular expressions and execute arbitrary scripting code resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Technical

onload!#$%&()*~+-_.,:;?@[/|\]^`=doEvilStuff()

Solution

Upgrade to Mozilla Firefox version 2.0.0.2 or higher, Mozilla Firefox version 1.5.0.10 or higher, and Mozilla SeaMonkey version 1.0.8 or higher as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mozilla Organization	Firefox	2.0.0.2
		1.5.0.10
		0.8
		0.9
		0.9 rc
		0.9.1
		0.9.2
		0.9.3
		0.10
		0.10.1
		1.0
		1.0.1
		1.0.2
		1.0.3
		1.0.4
		1.0.5
		1.0.6
		1.0.7
		1.0.8
		1.5
		1.5 beta 1
		1.5 beta 2
		1.5.0.1
		1.5.0.2
		1.5.0.3
		1.5.0.4
		1.5.0.5
		1.5.0.6
		1.5.0.7
		1.5.0.9
		2.0
		2.0 Beta 1
		2.0 RC2
		2.0 RC3
		2.0.1
	SeaMonkey	1.0.8
		1.0.7
		1.0.6
		1.0.5
		1.0.3
		1.0.2
		1.0.1
		1.0 dev
		1.0

References

CVE ID: 2007-0995 (see also: NVD)
Bugtraq ID: 22694
Secunia Advisory ID: 24205 24238 24252 24287 24290 24293 24320 24327 24328 24333 24342 24343 24384 24393 24395 24437 24455 24457 24569 24650 25588
Related OSVDB ID: 32103 32104 32105 32107 32109 32110 32112 32114
FrSIRT Advisory: ADV-2007-0718
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc http://fedoranews.org/cms/node/2721
http://fedoranews.org/cms/node/2728
http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0006.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware- ......
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware- ......
http://www.gentoo.org/security/en/glsa/glsa-200703-04.xml
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.ubuntu.com/usn/usn-428-1
http://www.us.debian.org/security/2007/dsa-1336
Vendor Specific Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2713
http://lists.rpath.com/pipermail/security-announce/2007-February/000153.html
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
Vendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=314980
https://bugzilla.mozilla.org/show_bug.cgi?id=315473
RedHat RHSA: RHSA-2007:0077 RHSA-2007:0078 RHSA-2007:0079

Tools & Filters

Nessus	24701 24707 24708 24735 24748 24753 24771 24774 24800 25000 25318 27118 27119 27439 27440 28021 28022 29359

Credit

Alejandro Torras - atec_postyahoo.es -

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Keywords

Description

Classification

Technical

Solution

Products

Mozilla Organization

Firefox

SeaMonkey

References

Tools & Filters

Credit

Blogs

Comments