Executive Summary

Summary
Title firefox security update
Informations
Name RHSA-2005:785 First vendor Publication 2005-09-22
Vendor RedHat Last vendor Modification 2005-09-22
Severity (Vendor) Critical Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An updated firefox package that fixes several security bugs is now available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla Firefox is an open source Web browser.

A bug was found in the way Firefox processes XBM image files. If a user views a specially crafted XBM file, it becomes possible to execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2701 to this issue.

A bug was found in the way Firefox processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Firefox if the user views a specially crafted Unicode sequence. (CAN-2005-2702)

A bug was found in the way Firefox makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim's machine. It is also possible that this flaw could be leveraged to send XMLHttp requests to hosts other than the originator; the default behavior of the browser is to disallow this. (CAN-2005-2703)

A bug was found in the way Firefox implemented its XBL interface. It may be possible for a malicious web page to create an XBL binding in such a way that would allow arbitrary JavaScript execution with chrome permissions. Please note that in Firefox 1.0.6 this issue is not directly exploitable and will need to leverage other unknown exploits. (CAN-2005-2704)

An integer overflow bug was found in Firefox's JavaScript engine. Under favorable conditions, it may be possible for a malicious web page to execute arbitrary code as the user running Firefox. (CAN-2005-2705)

A bug was found in the way Firefox displays about: pages. It is possible for a malicious web page to open an about: page, such as about:mozilla, in such a way that it becomes possible to execute JavaScript with chrome privileges. (CAN-2005-2706)

A bug was found in the way Firefox opens new windows. It is possible for a malicious web site to construct a new window without any user interface components, such as the address bar and the status bar. This window could then be used to mislead the user for malicious purposes. (CAN-2005-2707)

A bug was found in the way Firefox processes URLs passed to it on the command line. If a user passes a malformed URL to Firefox, such as clicking on a link in an instant messaging program, it is possible to execute arbitrary commands as the user running Firefox. (CAN-2005-2968)

Users of Firefox are advised to upgrade to this updated package that contains Firefox version 1.0.7 and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

168527 - CAN-2005-2701 Multiple Firefox issues (CAN-2005-2702, CAN-2005-2703, CAN-2005-2704, CAN-2005-2705, CAN-2005-2706, CAN-2005-2707) 168740 - CAN-2005-2968 Firefox improper command line URL sanitization

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2005-785.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10367
 
Oval ID: oval:org.mitre.oval:def:10367
Title: Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.
Description: Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.
Family: unix Class: vulnerability
Reference(s): CVE-2005-2705
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10767
 
Oval ID: oval:org.mitre.oval:def:10767
Title: Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
Description: Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
Family: unix Class: vulnerability
Reference(s): CVE-2005-2703
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1089
 
Oval ID: oval:org.mitre.oval:def:1089
Title: XMLHttpRequest Header Spoofing Vulnerability
Description: Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
Family: windows Class: vulnerability
Reference(s): CVE-2005-2703
Version: 3
Platform(s): Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11105
 
Oval ID: oval:org.mitre.oval:def:11105
Title: Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
Description: Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
Family: unix Class: vulnerability
Reference(s): CVE-2005-2968
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11130
 
Oval ID: oval:org.mitre.oval:def:11130
Title: Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.
Description: Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.
Family: unix Class: vulnerability
Reference(s): CVE-2005-2707
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11317
 
Oval ID: oval:org.mitre.oval:def:11317
Title: Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.
Description: Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.
Family: unix Class: vulnerability
Reference(s): CVE-2005-2706
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1150
 
Oval ID: oval:org.mitre.oval:def:1150
Title: Crash on "zero-width non-joiner" Sequence
Description: Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
Family: windows Class: vulnerability
Reference(s): CVE-2005-2702
Version: 3
Platform(s): Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11609
 
Oval ID: oval:org.mitre.oval:def:11609
Title: Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
Description: Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
Family: unix Class: vulnerability
Reference(s): CVE-2005-2702
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1197
 
Oval ID: oval:org.mitre.oval:def:1197
Title: Firefox/Mozilla Suite Chrome Window Spoofing Vulnerability
Description: Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.
Family: windows Class: vulnerability
Reference(s): CVE-2005-2707
Version: 3
Platform(s): Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1272
 
Oval ID: oval:org.mitre.oval:def:1272
Title: Object Spoofing using XBL <implements> Vulnerability
Description: Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.
Family: windows Class: vulnerability
Reference(s): CVE-2005-2704
Version: 3
Platform(s): Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1307
 
Oval ID: oval:org.mitre.oval:def:1307
Title: Firefox/Mozilla Suite JavaScript Integer Overflow
Description: Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.
Family: windows Class: vulnerability
Reference(s): CVE-2005-2705
Version: 3
Platform(s): Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1443
 
Oval ID: oval:org.mitre.oval:def:1443
Title: Firefox/Mozilla Suite about: Scheme Privilege Escalation Vulnerability
Description: Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.
Family: windows Class: vulnerability
Reference(s): CVE-2005-2706
Version: 3
Platform(s): Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1480
 
Oval ID: oval:org.mitre.oval:def:1480
Title: Heap Overrun in XBM Image Processing
Description: Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
Family: windows Class: vulnerability
Reference(s): CVE-2005-2701
Version: 3
Platform(s): Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9323
 
Oval ID: oval:org.mitre.oval:def:9323
Title: Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
Description: Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
Family: unix Class: vulnerability
Reference(s): CVE-2005-2701
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9784
 
Oval ID: oval:org.mitre.oval:def:9784
Title: Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.
Description: Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.
Family: unix Class: vulnerability
Reference(s): CVE-2005-2704
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 36
Application 1
Application 6

OpenVAS Exploits

Date Description
2009-10-10 Name : SLES9: Security update for Mozilla
File : nvt/sles9p5010264.nasl
2008-09-04 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox20.nasl
2008-09-04 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox21.nasl
2008-01-17 Name : Debian Security Advisory DSA 838-1 (mozilla-firefox)
File : nvt/deb_838_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 866-1 (mozilla)
File : nvt/deb_866_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 868-1 (mozilla-thunderbird)
File : nvt/deb_868_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
19649 Mozilla Multiple Browser Chrome Window Spoofing

19648 Mozilla Multiple Browsers about: Page Privilege Escalation

19647 Mozilla Multiple Browser JavaScript Engine Overflow

19646 Mozilla Multiple Browser XBL <implements> Object Spoofing

19645 Mozilla Multiple Browser XMLHttpRequest Header Spoofing

19644 Mozilla Multiple Browser Unicode zero-width non- joiner Character DoS

19643 Mozilla Multiple Browsers XBM Image Processing Overflow

19589 Mozilla Products Command Line URL Arbitrary Shell Command Injection

Snort® IPS/IDS

Date Description
2020-01-16 Mozilla Firefox JavaScript engine integer overflow attempt
RuleID : 52473 - Revision : 1 - Type : BROWSER-FIREFOX
2020-01-16 Mozilla Firefox JavaScript engine integer overflow attempt
RuleID : 52472 - Revision : 1 - Type : BROWSER-FIREFOX
2015-09-03 Mozilla Firefox JavaScript engine integer overflow attempt
RuleID : 35439 - Revision : 5 - Type : BROWSER-FIREFOX
2015-09-03 Mozilla Firefox JavaScript engine integer overflow attempt
RuleID : 35438 - Revision : 5 - Type : BROWSER-FIREFOX
2014-11-16 Mozilla Firefox XBM image processing buffer overflow attempt
RuleID : 32133 - Revision : 2 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox Chrome Page Loading Restriction Bypass attempt
RuleID : 17629 - Revision : 13 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox Unicode sequence handling stack corruption attempt
RuleID : 17434 - Revision : 13 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox XBM image processing buffer overflow attempt
RuleID : 17360 - Revision : 13 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox Chrome Page Loading Restriction Bypass attempt
RuleID : 17213 - Revision : 9 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox command line URL shell command injection attempt
RuleID : 16200 - Revision : 10 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2006-07-05 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2005-791.nasl - Type : ACT_GATHER_INFO
2006-07-05 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2005-785.nasl - Type : ACT_GATHER_INFO
2006-07-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-789.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2e28cefb2aee11daa2630001020eed82.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_8f5dd74b2c6111daa2630001020eed82.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-200-1.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-186-1.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2005-174.nasl - Type : ACT_GATHER_INFO
2005-10-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-868.nasl - Type : ACT_GATHER_INFO
2005-10-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-866.nasl - Type : ACT_GATHER_INFO
2005-10-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2005-791.nasl - Type : ACT_GATHER_INFO
2005-10-05 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2005-170.nasl - Type : ACT_GATHER_INFO
2005-10-05 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2005_058.nasl - Type : ACT_GATHER_INFO
2005-10-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-789.nasl - Type : ACT_GATHER_INFO
2005-10-05 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2005-785.nasl - Type : ACT_GATHER_INFO
2005-10-05 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200509-11.nasl - Type : ACT_GATHER_INFO
2005-10-05 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-838.nasl - Type : ACT_GATHER_INFO
2005-10-05 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-963.nasl - Type : ACT_GATHER_INFO
2005-10-05 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-962.nasl - Type : ACT_GATHER_INFO
2005-10-05 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-932.nasl - Type : ACT_GATHER_INFO
2005-10-05 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-931.nasl - Type : ACT_GATHER_INFO
2005-10-05 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-927.nasl - Type : ACT_GATHER_INFO
2005-10-05 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-926.nasl - Type : ACT_GATHER_INFO
2005-09-17 Name : A web browser on the remote host is affected by multiple vulnerabilities, inc...
File : mozilla_1711.nasl - Type : ACT_GATHER_INFO
2005-09-17 Name : A web browser on the remote host is prone to multiple flaws, including arbitr...
File : mozilla_firefox_106.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:49:41
  • Multiple Updates