Vulnerabilities > CVE-2009-3988 - Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Accessing, Modifying or Executing Executable Files An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
- Leverage Executable Code in Non-Executable Files An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
- Blue Boxing This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
- Restful Privilege Elevation Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
- Target Programs with Elevated Privileges This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_0_MOZILLAFIREFOX-100223.NASL description Mozilla Firefox was upgraded to version 3.0.18, fixing various bugs and security issues. Following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-02 / CVE-2010-0160: Security researcher Orlando Barrera II reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 44899 published 2010-02-25 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44899 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update MozillaFirefox-2052. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(44899); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:37"); script_cve_id("CVE-2009-1571", "CVE-2009-3988", "CVE-2010-0159", "CVE-2010-0160", "CVE-2010-0162"); script_name(english:"openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)"); script_summary(english:"Check for the MozillaFirefox-2052 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Mozilla Firefox was upgraded to version 3.0.18, fixing various bugs and security issues. Following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-02 / CVE-2010-0160: Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. MFSA 2010-03 / CVE-2009-1571: Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called. MFSA 2010-04 / CVE-2009-3988: Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla. MFSA 2010-05 / CVE-2010-0162: Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an <embed> tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=576969" ); script_set_attribute( attribute:"solution", value:"Update the affected MozillaFirefox packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(79, 94, 264, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner190"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2010/02/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"MozillaFirefox-3.0.18-0.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"MozillaFirefox-translations-3.0.18-0.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"mozilla-xulrunner190-1.9.0.18-0.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"mozilla-xulrunner190-devel-1.9.0.18-0.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"mozilla-xulrunner190-translations-1.9.0.18-0.1") ) flag++; if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"mozilla-xulrunner190-32bit-1.9.0.18-0.1") ) flag++; if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.1") ) flag++; if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"mozilla-xulrunner190-translations-32bit-1.9.0.18-0.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-896-1.NASL description Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0159) Orlando Barrera II discovered a flaw in the Web Workers implementation of Firefox. If a user were tricked into posting to a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0160) Alin Rad Pop discovered that Firefox last seen 2020-06-01 modified 2020-06-02 plugin id 44656 published 2010-02-18 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44656 title Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 vulnerabilities (USN-896-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0112.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2009-1571) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0159, CVE-2010-0160) Two flaws were found in the way certain content was processed. An attacker could use these flaws to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted JavaScript. (CVE-2009-3988, CVE-2010-0162) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.18. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.18, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 44648 published 2010-02-18 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44648 title CentOS 4 / 5 : firefox (CESA-2010:0112) NASL family Fedora Local Security Checks NASL id FEDORA_2010-1936.NASL description Update to new upstream Firefox version 3.5.8, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.8 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47288 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47288 title Fedora 11 : Miro-2.5.4-2.fc11 / blam-1.8.5-18.fc11 / chmsee-1.0.1-15.fc11 / eclipse-3.4.2-20.fc11 / etc (2010-1936) NASL family Fedora Local Security Checks NASL id FEDORA_2010-1727.NASL description Update to new upstream Firefox version 3.5.8, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.8 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47268 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47268 title Fedora 12 : blam-1.8.5-22.fc12 / firefox-3.5.8-1.fc12 / galeon-2.0.7-20.fc12 / etc (2010-1727) NASL family Windows NASL id MOZILLA_FIREFOX_358.NASL description The installed version of Firefox is 3.5.x earlier than 3.5.8. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2010-01) - The implementation of last seen 2020-06-01 modified 2020-06-02 plugin id 44659 published 2010-02-18 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44659 title Firefox 3.5 < 3.5.8 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_MOZILLA-XULRUNNER190-6866.NASL description Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8, fixing various bugs and security issues. The following security issues have been fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159) - Security researcher Orlando Barrera II reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 49900 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49900 title SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6866) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0113.NASL description From Red Hat Security Advisory 2010:0113 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A use-after-free flaw was found in SeaMonkey. Under low memory conditions, visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1571) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0159) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68000 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68000 title Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0113) NASL family Fedora Local Security Checks NASL id FEDORA_2010-1932.NASL description Update to new upstream SeaMonkey version 2.0.3, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47285 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47285 title Fedora 12 : seamonkey-2.0.3-1.fc12 (2010-1932) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1999.NASL description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1571 Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code. - CVE-2009-3988 Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments. - CVE-2010-0159 Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code. - CVE-2010-0160 Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code. - CVE-2010-0162 Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents. last seen 2020-06-01 modified 2020-06-02 plugin id 44863 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44863 title Debian DSA-1999-1 : xulrunner - several vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0113.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A use-after-free flaw was found in SeaMonkey. Under low memory conditions, visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1571) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0159) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 44649 published 2010-02-18 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44649 title CentOS 3 / 4 : seamonkey (CESA-2010:0113) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-6863.NASL description Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues. The following security issues have been fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159) - Security researcher Orlando Barrera II reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 44910 published 2010-02-25 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44910 title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6863) NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLAFIREFOX-100223.NASL description Mozilla Firefox was upgraded to version 3.0.18, fixing various bugs and security issues. Following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-02 / CVE-2010-0160: Security researcher Orlando Barrera II reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 44901 published 2010-02-25 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44901 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052) NASL family Windows NASL id SEAMONKEY_203.NASL description The installed version of SeaMonkey is earlier than 2.0.3. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2010-01) - The implementation of last seen 2020-06-01 modified 2020-06-02 plugin id 44660 published 2010-02-18 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44660 title SeaMonkey < 2.0.3 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-6867.NASL description Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues. The following security issues have been fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159) - Security researcher Orlando Barrera II reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 49891 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49891 title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6867) NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLA-XULRUNNER190-100219.NASL description Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8, fixing various bugs and security issues. The following security issues have been fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159) - Security researcher Orlando Barrera II reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 44909 published 2010-02-25 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44909 title SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033) NASL family SuSE Local Security Checks NASL id SUSE_11_2_SEAMONKEY-100218.NASL description Mozilla SeaMonkey was upgraded to version 2.0.3, fixing various bugs and security issues. Following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-02 / CVE-2010-0160: Security researcher Orlando Barrera II reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 44906 published 2010-02-25 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44906 title openSUSE Security Update : seamonkey (seamonkey-2013) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0112.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2009-1571) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0159, CVE-2010-0160) Two flaws were found in the way certain content was processed. An attacker could use these flaws to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted JavaScript. (CVE-2009-3988, CVE-2010-0162) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.18. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.18, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 44651 published 2010-02-18 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44651 title RHEL 4 / 5 : firefox (RHSA-2010:0112) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_F82C85D81C6E11DFABB2000F20797EDE.NASL description Mozilla Project reports : MFSA 2010-05 XSS hazard using SVG document and binary Content-Type MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain MFSA 2010-03 Use-after-free crash in HTML parser MFSA 2010-02 Web Worker Array Handling Heap Corruption Vulnerability MFSA 2010-01 Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18) last seen 2020-06-01 modified 2020-06-02 plugin id 44661 published 2010-02-19 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44661 title FreeBSD : mozilla -- multiple vulnerabilities (f82c85d8-1c6e-11df-abb2-000f20797ede) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-895-1.NASL description Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0159) Orlando Barrera II discovered a flaw in the Web Workers implementation of Firefox. If a user were tricked into posting to a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0160) Alin Rad Pop discovered that Firefox last seen 2020-06-01 modified 2020-06-02 plugin id 44655 published 2010-02-18 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44655 title Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-895-1) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLA-XULRUNNER190-6871.NASL description Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8, fixing various bugs and security issues. The following security issues have been fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159) - Security researcher Orlando Barrera II reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 44911 published 2010-02-25 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44911 title SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6871) NASL family SuSE Local Security Checks NASL id SUSE_11_2_MOZILLATHUNDERBIRD-100305.NASL description Mozilla Thunderbird was upgraded to version 3.0.3, fixing various bugs and security issues. Following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-03 / CVE-2009-1571: Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called. MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982: Crashes with evidence of memory corruption were fixed. (rv:1.9.1.6) MFSA 2009-66 / CVE-2009-3388 (bmo#504843,bmo#523816): Memory safety fixes in liboggplay media library were added. MFSA 2009-67 / CVE-2009-3389 (bmo#515882,bmo#504613): An Integer overflow, crash in libtheora video library was fixed. last seen 2020-06-01 modified 2020-06-02 plugin id 45034 published 2010-03-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45034 title SuSE 11.2 Security Update: MozillaThunderbird (2010-03-05) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0112.NASL description From Red Hat Security Advisory 2010:0112 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2009-1571) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0159, CVE-2010-0160) Two flaws were found in the way certain content was processed. An attacker could use these flaws to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted JavaScript. (CVE-2009-3988, CVE-2010-0162) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.18. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.18, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 67999 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67999 title Oracle Linux 4 / 5 : firefox (ELSA-2010-0112) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0113.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A use-after-free flaw was found in SeaMonkey. Under low memory conditions, visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1571) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0159) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 44652 published 2010-02-18 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44652 title RHEL 3 / 4 : seamonkey (RHSA-2010:0113) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-042.NASL description Security issues were identified and fixed in firefox 3.0.x and 3.5.x : Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2010-0159). Security researcher Orlando Barrera II reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 44672 published 2010-02-22 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44672 title Mandriva Linux Security Advisory : firefox (MDVSA-2010:042) NASL family Windows NASL id MOZILLA_FIREFOX_3018.NASL description The installed version of Firefox is earlier than 3.0.18. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2010-01) - The implementation of last seen 2020-06-01 modified 2020-06-02 plugin id 44658 published 2010-02-18 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44658 title Firefox < 3.0.18 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201301-01.NASL description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 63402 published 2013-01-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63402 title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_11_2_MOZILLAFIREFOX-100218.NASL description Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues. Following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-02 / CVE-2010-0160: Security researcher Orlando Barrera II reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 44903 published 2010-02-25 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44903 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-2017) NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLAFIREFOX-100219.NASL description Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues. The following security issues have been fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159) - Security researcher Orlando Barrera II reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 44907 published 2010-02-25 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44907 title SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 2025)
Oval
accepted 2014-10-06T04:04:36.642-04:00 class vulnerability contributors name J. Daniel Brown organization DTCC name Sergey Artykhov organization ALTX-SOFT name Sergey Artykhov organization ALTX-SOFT name Shane Shaffer organization G2, Inc. name Maria Kedovskaya organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT name Evgeniy Pavlov organization ALTX-SOFT name Evgeniy Pavlov organization ALTX-SOFT name Evgeniy Pavlov organization ALTX-SOFT
definition_extensions comment Mozilla Firefox Mainline release is installed oval oval:org.mitre.oval:def:22259 comment Mozilla Seamonkey is installed oval oval:org.mitre.oval:def:6372
description Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. family windows id oval:org.mitre.oval:def:8355 status accepted submitted 2010-03-02T17:30:00.000-05:00 title Mozilla Firefox and SeaMonkey XSS Vulnerability due to window.dialogArguments being readable cross-domain version 31 accepted 2013-04-29T04:19:04.935-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. family unix id oval:org.mitre.oval:def:9384 status accepted submitted 2010-07-09T03:56:16-04:00 title Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. version 27
Redhat
| advisories |
| ||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | CVE ID: CVE-2009-3988 Firefox是一款流行的开源WEB浏览器。 Firefox的同源策略实现上存在漏洞,远程攻击者可能通过使用showModalDialog() JavaScript方法绕过权限限制,获取其他浏览网面的信息。 利用此漏洞需要一定的用户交互发生。 Mozilla Firefox 3.0.x 厂商补丁: Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.mozilla.org/security/announce/2010/mfsa2010-04.html |
| id | SSV:19160 |
| last seen | 2017-11-19 |
| modified | 2010-02-20 |
| published | 2010-02-20 |
| reporter | Root |
| title | Firefox showModalDialog()方法跨域脚本执行漏洞 |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
- http://secunia.com/advisories/37242
- http://secunia.com/advisories/38847
- http://www.debian.org/security/2010/dsa-1999
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
- http://www.mozilla.org/security/announce/2010/mfsa2010-04.html
- http://www.redhat.com/support/errata/RHSA-2010-0112.html
- http://www.ubuntu.com/usn/USN-895-1
- http://www.ubuntu.com/usn/USN-896-1
- http://www.vupen.com/english/advisories/2010/0405
- https://bugzilla.mozilla.org/show_bug.cgi?id=504862
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56362
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8355
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9384