Firefox "wyciwyg://" Handler Vulnerability

Ramona · Joined: 19 Jun 2002 Posts: 2360 Location: Midwest USA

Secunia Advisory: SA25990
Release Date: 2007-07-10

Critical: Less critical
Impact: Spoofing

Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: Mozilla Firefox 2.0.x

Description:
Michal Zalewski has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information and conduct spoofing attacks.

The vulnerability is caused due to an error in the handling of the "wyciwyg://" URI handler. This can be exploited to access or spoof contents from a previously cached web site e.g. via HTTP 302 redirects when a user visits a malicious web page.

The vulnerability is confirmed in version 2.0.0.4. Other versions may also be affected.

Solution:
Do not browse untrusted web sites.

Provided and/or discovered by:
Michal Zalewski

Original Advisory:
http://lcamtuf.coredump.cx/ffcache/

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4

RAMONA
Netscape, Mozilla, Firefox Solutions

Antony · Joined: 18 Jun 2002 Posts: 11914

This vulnerability is addressed in Firefox 2.0.0.5

.

Mozilla Foundation Security Advisory 2007-24

UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4

MozInfo701

| MacCentre701

| AntBlog701

| don't steal music

.

	Forum Index > Firefox, SeaMonkey and Netscape	All times are CST (GMT -6)
page 1 of 1