32107 : Mozilla Multiple Products Blocked Popup XSS
Printer | http://osvdb.org/32107 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
14	605	over 3 years ago	about 1 year ago	0 times	100%

Timeline

Disclosure Date	Exploit Publish Date
2006-09-30	2006-09-30

Description

Mozilla Firefox and Mozilla SeaMonkey contain a flaw that may allow a remote attacker to perform cross-site scripting attacks. The issue is due to improper validation of user-supplied input by the browser.js script. The flaw is triggered when the victim visits the attacker's site which is constructed so that it frames the target site plus another frame whose source is the same data: URL as the victim site. If the attacker can then convince the victim to open a specially-crafted javascript: URL popup from the data: frame the popup could inject a malicious script, which would be executed in a victim's web browser within the security context of the hosting web site, resulting in a loss of confidentiality and/or integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to the following versions of the affected applications as they have been reported to fix this vulnerability:
Mozilla Firefox: version 1.5.0.10 or higher
Mozilla Firefox 2: version 2.0.0.2 or higher
Mozilla SeaMonkey: version 1.0.8 or higher

It is also possible to correct the flaw by implementing the following workaround(s):
Disable JavaScript.

Products

Mozilla Organization	Firefox	0.8
		0.9
		0.9.1
		0.9.2
		0.9.3
		0.10
		0.10.1
		1.0 rc1
		1.0 RC2
		1.0
		1.0.1
		1.0.2
		1.0.3
		1.0.4
		1.0.5
		1.0.6
		1.0.7
		1.0.8
		1.1a1
		1.1a2
		1.4
		1.4.1
		1.5 RC1
		1.5 rc2
		1.5 RC3
		1.5
		1.5.0.1 RC1
		1.5.0.1
		1.5.0.2
		1.5.0.3
		1.5.0.4
		1.5.0.5
		1.5.0.6
		1.5.0.7
		1.5.0.8
		1.5.0.9
		1.5.0.10
		2.0a1
		2.0a2
		2.0a3
		2.0b1
		2.0b2
		2.0 RC 1
		2.0 RC 2
		2.0 RC 3
		2.0
		2.0.0.1
		2.0.0.2
	SeaMonkey	1.0 Alpha
		1.0 Beta
		1.0
		1.0.1
		1.0.2
		1.0.3
		1.0.4
		1.0.5
		1.0.6
		1.0.7
		1.0.8
		1.1.1

References

Security Tracker: 1017702
CVE ID: 2007-0780 (see also: NVD)
Bugtraq ID: 22694
Secunia Advisory ID: 24205 24333 24342 24343 24384 24393 24395 24437 24455 24457 24569 24650 25588
ISS X-Force ID: 32667
VUPEN Advisory: ADV-2007-0718
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc http://fedoranews.org/cms/node/2721
http://fedoranews.org/cms/node/2728
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0006.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://www.gentoo.org/security/en/glsa/glsa-200703-04.xml
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.ubuntu.com/usn/usn-428-1
http://www.us.debian.org/security/2007/dsa-1336
Vendor Specific Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2713
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:050
http://lists.rpath.com/pipermail/security-announce/2007-February/000153.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://www.gentoo.org/security/en/glsa/glsa-200703-04.xml
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
http://www.ubuntu.com/usn/usn-428-1
http://www.ubuntu.com/usn/usn-428-2
Vendor Specific Solution URL: http://www.mozilla.com/firefox/
http://www.mozilla.org/projects/seamonkey/
Generic Informational URL: https://bugzilla.mozilla.org/attachment.cgi?id=245720
https://bugzilla.mozilla.org/attachment.cgi?id=251330
Vendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=354973
RedHat RHSA: RHSA-2007:0077 RHSA-2007:0078 RHSA-2007:0078-2 RHSA-2007:0079

Tools & Filters

	24701 24707 24708 24735 24748 24753 24771 24774 24800 25000 25318 27118 27119 27439 27440 28021 28022 29359
	3922 3927 3931 3942

Credit

shutdown - shutdownflashmail.com -

CVSSv2 Score

CVSSv2 Base Score = 6.8
Source: nvd.nist.gov | Generated: 2007-02-27 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.