Privacy and Legal Notice

CIAC INFORMATION BULLETIN

S-335: Mozilla Firefox Vulnerabilities

[Mozilla Foundation Security Advisory 2008-33]

July 8, 2008 18:00 GMT
[REVISED 30 Jul 2008]
[REVISED 18 Aug 2008]
PROBLEM: There is a vulnerability in Firefox that could crash in Mozilla's block reflow code that could be used by an attacker to crash the browser and run arbitrary code on the victim's computer.
PLATFORM: Firefox versions prior to 2.0.0.15
Debian GNU/Linux 4.0 (etch)
DAMAGE: Execute arbitrary code and DoS.
SOLUTION: Upgrade to the appropriate version.
VULNERABILITY
ASSESSMENT:		 The risk is MEDIUM. A remote, unauthenticated attacker may be able to execute arbitrary code or cause a vulnerable browser to crash.
CVSS 2 BASE SCORE:
   TEMPORAL SCORE:
   VECTOR:		 7.5
6.2
(AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
LINKS:  
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/s-335.shtml
  ORIGINAL BULLETIN: http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
  ADDITIONAL LINKS: http://www.kb.cert.org/vuls/id/607267
https://rhn.redhat.com/errata/RHSA-2008-0547.html
http://www.debian.org/security/2008/dsa-1607
http://www.debian.org/security/2008/dsa-1615
http://www.debian.org/security/2008/dsa-1621
  CVE: CVE-2008-2811 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2810
REVISION HISTORY:
07/30/2008 - revised S-335 to add a link to Debian Security Advisory DSA-1607-1 for Debian GNU/Linux 4.0 (etch).
08/18/2008 - revised S-335 to add a link to Debian Security Advisories DSA-1615-1 and DSA-1621-1 for Debian GNU/Linux 4.0 (etch). 
[***** Start Mozilla Foundation Security Advisory 2008-33 *****]

Mozilla Foundation Security Advisory 2008-33

Title: Crash and remote code execution in block reflow
Impact: Critical
Announced: July 1, 2008
Reporter: Astabis (iSIGHT Partners GVP Program)
Products: Firefox 2, Thunderbird 2, SeaMonkey

Fixed in: Firefox 2.0.0.15
  SeaMonkey 1.1.10

Description

Security research firm Astabis reported a vulnerability in Firefox 2 submitted through the iSIGHT Partners GVP Program by Greg McManus, Primary GVP Researcher. The reported crash in Mozilla's block reflow code could be used by an attacker to crash the browser and run arbitrary code on the victim's computer.

This vulnerability does not affect Firefox 3.

Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail.

Workaround

Disable JavaScript until a version containing these fixes can be installed.

References


[***** End Mozilla Foundation Security Advisory 2008-33 *****]
CIAC wishes to acknowledge the contributions of Mozilla for the information contained in this bulletin.
CIAC services are available to DOE, DOE Contractors, and the NIH. CIAC can be contacted at: 
    Voice:          +1 925-422-8193 (7 x 24)
    FAX:            +1 925-423-8002
    STU-III:        +1 925-423-2604
    E-mail:          ciac@ciac.org
    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org
This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.
UCRL-MI-119788
[Privacy and Legal Notice]