A variety of vulnerabilities in the popular web browser Firefox have been reported. When exploited, these vulnerabilities can lead to: disclosure of sensitive information, phishing attacks, data manipulation, and/or system compromise. Here is a quick rundown of the specific vulnerabilities:
1) Memory corruption can be caused by exploiting various errors in the browser engine.
3) The attacker can gain the ability to read and manipulate a document's location of new pages by exploiting an error in the handling of onUnload events.
4) Arbitrary HTTP headers can be inserted into a user's request when using a proxy due to lack of user input checks for input that is passed to the user ID when HTTP requests are made via Digest Authentication.
5) An attacker can hide the window's title bar and facilitate phishing attacks by exploiting an error that is displayed on web pages written in the XUL markup language.
6) The handling of "smb:" and "sftp:" URI schemes on Linux systems which support gnome-vfs has errors. Exploitation of the errors allows the attacker to read any file that is owned by the user. This exploitation requires the attacker to have write permissions to a mutually accessible place on the target server. The user must then be tricked into loading the malicious page.
These issues have been addressed in version 220.127.116.11 of Firefox. It is highly recommended that Firefox users update to the newest version as soon as possible.
Posted by Kitch Spicer on October 19, 2007, in Handlers Log.