Vulnerabilities > CVE-2005-0402 - Unspecified vulnerability in Mozilla Firefox
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 11 |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_741F88419C6B11D99DBE000A95BC6FAE.NASL description A Mozilla Foundation Security Advisory states : If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting JavaScript into it. last seen 2020-06-01 modified 2020-06-02 plugin id 18983 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18983 title FreeBSD : firefox -- arbitrary code execution from sidebar panel (741f8841-9c6b-11d9-9dbe-000a95bc6fae) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(18983); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:37"); script_cve_id("CVE-2005-0402"); script_name(english:"FreeBSD : firefox -- arbitrary code execution from sidebar panel (741f8841-9c6b-11d9-9dbe-000a95bc6fae)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "A Mozilla Foundation Security Advisory states : If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting JavaScript into it." ); # http://www.mozilla.org/security/announce/mfsa2005-31.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-31/" ); # https://vuxml.freebsd.org/freebsd/741f8841-9c6b-11d9-9dbe-000a95bc6fae.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b214992e" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/03"); script_set_attribute(attribute:"patch_publication_date", value:"2005/03/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"firefox<1.0.2,1")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-firefox<1.0.2")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200503-31.NASL description The remote host is affected by the vulnerability described in GLSA-200503-31 (Mozilla Firefox: Multiple vulnerabilities) The following vulnerabilities were found and fixed in Mozilla Firefox: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2 (CAN-2005-0399) Kohei Yoshino discovered that a page bookmarked as a sidebar could bypass privileges control (CAN-2005-0402) Michael Krax reported a new way to bypass XUL security restrictions through drag-and-drop of items like scrollbars (CAN-2005-0401) Impact : The GIF heap overflow could be triggered by a malicious GIF image that would end up executing arbitrary code with the rights of the user running Firefox By tricking the user into bookmarking a malicious page as a Sidebar, a remote attacker could potentially execute arbitrary code with the rights of the user running the browser By setting up a malicious website and convincing users to obey very specific drag-and-drop instructions, attackers may leverage drag-and-drop features to bypass XUL security restrictions, which could be used as a stepping stone to exploit other vulnerabilities Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 17620 published 2005-03-25 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17620 title GLSA-200503-31 : Mozilla Firefox: Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-336.NASL description Updated firefox packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A buffer overflow bug was found in the way Firefox processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0399 to this issue. A bug was found in the way Firefox processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0401 to this issue. A bug was found in the way Firefox bookmarks content to the sidebar. If a user can be tricked into bookmarking a malicious web page into the sidebar panel, that page could execute arbitrary programs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0402 to this issue. Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.2 and is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 17627 published 2005-03-25 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17627 title RHEL 4 : firefox (RHSA-2005:336) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-149-3.NASL description USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10 (Warty Warthog) is also vulnerable to these flaws, so it needs to be upgraded as well. Please see http://www.ubuntulinux.org/support/documentation/usn/usn-149-1 for the original advisory. This update also fixes several older vulnerabilities; Some of them could be exploited to execute arbitrary code with full user privileges if the user visited a malicious website. (MFSA-2005-01 to MFSA-2005-44; please see the following website for details: http://www.mozilla.org/projects/security/known-vulnerabilities.html) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20546 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20546 title Ubuntu 4.10 : mozilla-firefox vulnerabilities (USN-149-3) NASL family Fedora Local Security Checks NASL id FEDORA_2005-246.NASL description A buffer overflow bug was found in the way Firefox processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0399 to this issue. A bug was found in the way Firefox processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0401 to this issue. A bug was found in the way Firefox bookmarks content to the sidebar. If a user can be tricked into bookmarking a malicious web page into the sidebar panel, that page could execute arbitrary programs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0402 to this issue. Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.2 and is not vulnerable to these issues. Additionally, there was a bug found in the way Firefox rendered some fonts, notably the Tahoma font while italicized. This issue has been filed as Bug 150041 (bugzilla.redhat.com). This updated package contains a fix for this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19632 published 2005-09-12 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19632 title Fedora Core 3 : firefox-1.0.2-1.3.1 (2005-246) NASL family Windows NASL id MOZILLA_FIREFOX_102.NASL description The remote version of Firefox contains various security issues that may allow an attacker to impersonate a website and to trick a user into accepting and executing arbitrary files or to cause a heap overflow in the FireFox process and execute arbitrary code on the remote host. last seen 2020-06-01 modified 2020-06-02 plugin id 17603 published 2005-03-23 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17603 title Firefox < 1.0.2 Multiple Vulnerabilities
Oval
accepted 2007-05-09T16:10:37.557-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Matthew Wojcik organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation
description Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page. family windows id oval:org.mitre.oval:def:100027 status accepted submitted 2005-08-16T12:00:00.000-04:00 title Firefox Sidebar Panel Code Execution Vulnerability version 6 accepted 2013-04-29T04:16:00.909-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990
description Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page. family unix id oval:org.mitre.oval:def:11868 status accepted submitted 2010-07-09T03:56:16-04:00 title Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors. version 26
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://secunia.com/advisories/14654
- http://www.mozilla.org/security/announce/mfsa2005-31.html
- http://www.redhat.com/support/errata/RHSA-2005-336.html
- http://www.vupen.com/english/advisories/2005/0296
- https://bugzilla.mozilla.org/show_bug.cgi?id=284627
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100027
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11868