CVE-2013-5611 - Security Bypass vulnerability in Mozilla Firefox
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.
Vulnerable Configurations
Nessus
NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2014-2.NASL |
description | This update fixes the following security issues with SeaMonkey: |
- update to SeaMonkey 2.23 (bnc#854370)
- requires NSPR 4.10.2 and NSS 3.15.3.1
- MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards
- MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation
- MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack
- MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements
- MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners
- MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing
- MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms
- MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements
- MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste
- MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation
- MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement
- MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets
- MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak
- MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1)
- rebased patches:
  - mozilla-nongnome-proxies.patch
  - mozilla-shared-nss-db.patch
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 75327 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75327 |
title | openSUSE Security Update : seamonkey (openSUSE-SU-2014:0008-1) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2013-23127.NASL |
description | Update to Firefox 26. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-17 |
modified | 2013-12-12 |
plugin id | 71365 |
published | 2013-12-12 |
reporter | This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/71365 |
title | Fedora 19 : firefox-26.0-2.fc19 / xulrunner-26.0-1.fc19 (2013-23127) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2013-995.NASL |
description |
- update to Firefox 26.0 (bnc#854367, bnc#854370)
- rebased patches
- requires NSPR 4.10.2 and NSS 3.15.3.1
- MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards
- MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation
- MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack
- MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements
- MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners
- MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing
- MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms
- MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements
- MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste
- MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation
- MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement
- MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets
- MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak
- MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1)
- removed gecko.js preference file as GStreamer is enabled by default now
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 75241 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75241 |
title | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1918-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_FIREFOX24-201312-131216.NASL |
description | Mozilla Firefox has been updated to the 24.2.0 ESR security release. This is a major upgrade from the 17 ESR release branch. Security issues fixed: |
- Application Installation doorhanger persists on navigation. (MFSA 2013-105). (CVE-2013-5611)
- Miscellaneous memory safety hazards (rv:24.2). (MFSA 2013-104). (CVE-2013-5609)
- Miscellaneous memory safety hazards (rv:26.0). (MFSA 2013-104). (CVE-2013-5610)
- Character encoding cross-origin XSS attack. (MFSA 2013-106). (CVE-2013-5612)
- Sandbox restrictions not applied to nested object elements. (MFSA 2013-107). (CVE-2013-5614)
- Use-after-free in event listeners. (MFSA 2013-108). (CVE-2013-5616)
- Potential overflow in JavaScript binary search algorithms. (MFSA 2013-110). (CVE-2013-5619)
- Segmentation violation when replacing ordered list elements. (MFSA 2013-111). (CVE-2013-6671)
- Trust settings for built-in roots ignored during EV certificate validation. (MFSA 2013-113). (CVE-2013-6673)
- Use-after-free in synthetic mouse movement. (MFSA 2013-114). (CVE-2013-5613)
- GetElementIC typed array stubs can be generated outside observed typesets. (MFSA 2013-115). (CVE-2013-5615)
- Linux clipboard information disclosure though selection paste. (MFSA 2013-112). (CVE-2013-6672)
- Use-after-free during Table Editing (MFSA 2013-109). (CVE-2013-5618)
last seen | 2020-06-05 |
modified | 2013-12-20 |
plugin id | 71560 |
published | 2013-12-20 |
reporter | This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/71560 |
title | SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2013-994.NASL |
description |
- update to Firefox 26.0 (bnc#854367, bnc#854370)
- rebased patches
- requires NSPR 4.10.2 and NSS 3.15.3.1
- MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards
- MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation
- MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack
- MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements
- MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners
- MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing
- MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms
- MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements
- MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste
- MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation
- MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement
- MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets
- MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak
- MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1)
- removed gecko.js preference file as GStreamer is enabled by default now
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 75240 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75240 |
title | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1917-1) |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_FIREFOX_26.NASL |
description | The installed version of Firefox is earlier than 26.0 and is, therefore, potentially affected by multiple vulnerabilities: |
- Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610)
- An issue exists where the notification for a Web App installation could persist from one website to another website. This could be used by a malicious website to trick a user into installing an application from one website while making it appear to come from another website. (CVE-2013-5611)
- Cross-site scripting filtering evasion may be possible due to character encodings being inherited from a previously visited website when character set encoding is missing from the current website. (CVE-2013-5612)
- Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613)
- Sandbox restrictions may be bypassed because
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 71344 |
published | 2013-12-11 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/71344 |
title | Firefox < 26.0 Multiple Vulnerabilities (Mac OS X) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2013-993.NASL |
description |
- update to Firefox 26.0 (bnc#854367, bnc#854370)
- rebased patches
- requires NSPR 4.10.2 and NSS 3.15.3.1
- MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards
- MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation
- MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack
- MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements
- MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners
- MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing
- MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms
- MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements
- MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste
- MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation
- MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement
- MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets
- MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak
- MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1)
- removed gecko.js preference file as GStreamer is enabled by default now
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 75239 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75239 |
title | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1916-1) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-2052-1.NASL |
description |
Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)
Myk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2013-5611)
Masato Kinugawa discovered that pages with missing character set encoding information can inherit character encodings across navigations from another domain. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2013-5612)
Daniel Veditz discovered that a sandboxed iframe could use an object element to bypass its own restrictions. (CVE-2013-5614)
Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5616)
A use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5618)
Dan Gohman discovered that binary search algorithms in Spidermonkey used arithmetic prone to overflow in several places. However, this issue is not believed to be exploitable. (CVE-2013-5619)
Tyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-6671)
Vincent Lefevre discovered that web content could access clipboard data under certain circumstances, resulting in information disclosure. (CVE-2013-6672)
Sijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673)
Tyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5613)
Eric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. An attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615)
Michal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 71374 |
published | 2013-12-12 |
reporter | Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/71374 |
title | Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1) |

NASL family | Windows |
NASL id | MOZILLA_FIREFOX_26.NASL |
description | The installed version of Firefox is earlier than 26.0 and is, therefore, potentially affected by the following vulnerabilities: |
- Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5609, CVE-2013-5610)
- An issue exists where the notification for a Web App installation could persist from one website to another website. This could be used by a malicious website to trick a user into installing an application from one website while making it appear to come from another website. (CVE-2013-5611)
- Cross-site scripting filtering evasion may be possible due to character encodings being inherited from a previously visited website when character set encoding is missing from the current website. (CVE-2013-5612)
- Two use-after-free vulnerabilities exist in the functions for synthetic mouse movement handling. (CVE-2013-5613)
- Sandbox restrictions may be bypassed because
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 71347 |
published | 2013-12-11 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/71347 |
title | Firefox < 26.0 Multiple Vulnerabilities |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_DD116B1964B311E3868F0025905A4771.NASL |
description | The Mozilla Project reports: |
- MFSA 2013-116 JPEG information leak
- MFSA 2013-105 Application Installation doorhanger persists on navigation
- MFSA 2013-106 Character encoding cross-origin XSS attack
- MFSA 2013-107 Sandbox restrictions not applied to nested object elements
- MFSA 2013-108 Use-after-free in event listeners
- MFSA 2013-109 Use-after-free during Table Editing
- MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
- MFSA 2013-111 Segmentation violation when replacing ordered list elements
- MFSA 2013-112 Linux clipboard information disclosure though selection paste
- MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
- MFSA 2013-114 Use-after-free in synthetic mouse movement
- MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
- MFSA 2013-116 JPEG information leak
- MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 71452 |
published | 2013-12-16 |
reporter | This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/71452 |
title | FreeBSD : mozilla -- multiple vulnerabilities (dd116b19-64b3-11e3-868f-0025905a4771) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2013-23519.NASL |
description | New upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-17 |
modified | 2013-12-18 |
plugin id | 71505 |
published | 2013-12-18 |
reporter | This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/71505 |
title | Fedora 20 : firefox-26.0-3.fc20 / thunderbird-24.2.0-3.fc20 / xulrunner-26.0-2.fc20 (2013-23519) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_FIREFOX24-201312-131215.NASL |
description | Mozilla Firefox has been updated to the 24.2.0 ESR security release. This is a major upgrade from the 17 ESR release branch. Security issues fixed: |
- Application Installation doorhanger persists on navigation. (MFSA 2013-105). (CVE-2013-5611)
- Miscellaneous memory safety hazards (rv:24.2). (MFSA 2013-104). (CVE-2013-5609)
- Miscellaneous memory safety hazards (rv:26.0). (MFSA 2013-104). (CVE-2013-5610)
- Character encoding cross-origin XSS attack. (MFSA 2013-106). (CVE-2013-5612)
- Sandbox restrictions not applied to nested object elements. (MFSA 2013-107). (CVE-2013-5614)
- Use-after-free in event listeners. (MFSA 2013-108). (CVE-2013-5616)
- Potential overflow in JavaScript binary search algorithms. (MFSA 2013-110). (CVE-2013-5619)
- Segmentation violation when replacing ordered list elements. (MFSA 2013-111). (CVE-2013-6671)
- Trust settings for built-in roots ignored during EV certificate validation. (MFSA 2013-113). (CVE-2013-6673)
- Use-after-free in synthetic mouse movement. (MFSA 2013-114). (CVE-2013-5613)
- GetElementIC typed array stubs can be generated outside observed typesets. (MFSA 2013-115). (CVE-2013-5615)
- Linux clipboard information disclosure though selection paste. (MFSA 2013-112). (CVE-2013-6672)
- Use-after-free during Table Editing (MFSA 2013-109). (CVE-2013-5618)
last seen | 2020-06-05 |
modified | 2013-12-20 |
plugin id | 71559 |
published | 2013-12-20 |
reporter | This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/71559 |
title | SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657) |
Seebug
bulletinFamily | exploit |
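description | CVE(CAN) ID: CVE-2013-5611. Mozilla Firefox is the web browser released by Mozilla. Mozilla Firefox does not properly remove the application installation doorhanger, which allows an attacker to build a malicious web page, lure a user into loading it, and spoof an application installation site by controlling the timing of page navigation. Mozilla Firefox < 26. Vendor patch: Mozilla has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.mozilla.org/security/ http://www.mozilla.org/security/announce/2013/mfsa2013-105.html |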
id | SSV:61093 |
last seen | 2017-11-19 |
modified | 2013-12-12 |
published | 2013-12-12 |
reporter | Root |
title | Mozilla Firefox Web App Installation Persistent Doorhanger Notification Vulnerability |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-105.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1029470
- http://www.ubuntu.com/usn/USN-2052-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=771294