CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.0%
Mozilla may execute JavaScript contained within a site icon tag with elevated privileges. This may allow an attacker to execute arbitrary commands on a vulnerable system.
XPCOM
XPCOM is a cross-platform component object model similar to Microsoft COM or CORBA. XPCOM provides the following features to software developers:
* Component management
* File abstraction
* Object message passing
* Memory Management
XPConnect
XPConnect enables simple interoperation between XPCOM and JavaScript. XPConnect allows JavaScript to access and manipulate XPCOM objects. It also allows JavaScript objects to present XPCOM compliant interfaces to be called by XPCOM objects.
Chrome
The Mozilla user interface components outside of the content area are created using chrome. This includes toolbars, menu bars, progress bars, and window title bars. Chrome provides content, locale, and skin information for the user interface.
Chrome script
Chrome scripts have elevated privileges. Because of the extra privileges, they can perform actions that web scripts cannot. Chrome scripts also do not prompt for permission before executing potentially dangerous commands, such as creating or calling XPCOM components.
Site icons
A site icon is an icon associated with a particular web site or page. This icon may appear in the address bar or bookmarks of the web browser. A web page can specify a site icon by using the <LINK REL="icon">
or <LINK REL="shortcut icon">
HTML tags.
The problem
By convincing a user to view an HTML document (e.g., a web page), an attacker could execute arbitrary commands or code with the privileges of the user. The attacker could take any action as the user. If the user has administrative privileges, the attacker could take complete control of the user’s system.
We have received reports of active exploitation of this vulnerability.
Install an update
This issue is resolved in Firefox 1.0.4 and Mozilla Suite 1.7.8 according to the Mozilla Security Advisory 2005-43. The fix described in the Mozilla Security Advisory 2005-37 prevented an attack vector but did not fully address the vulnerability.
Disable site icons
By performing the following steps, it is possible to prevent Mozilla from retrieving and displaying site icons.
1. Enter “about:config
” in Mozilla’s address bar. This will display Mozilla’s configuration values.
2. Set the following value to false
:
browser.chrome.site_icons
Disable JavaScript
973309
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: April 20, 2005 Updated: May 06, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Mozilla Foundation Security Advisory 2005-37 for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23973309 Feedback>).
Updated: August 01, 2005
Affected
Updated Mozilla packages (for Red Hat Enterprise Linux 4, 3, and 2.1) and
updated Firefox packages (for Red Hat Enterprise Linux 4) to correct this issue
are available at the URL below and by using the Red Hat Network ‘up2date’ tool.
<http://rhn.redhat.com/errata/CAN-2005-1155.html>
The vendor has not provided us with any further information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was disclosed by the Mozilla Foundation, who in turn credits Michael Krax for reporting the information.
This document was written by Will Dormann.
CVE IDs: | CVE-2005-1155 |
---|---|
Severity Metric: | 34.43 Date Public: |
secunia.com/advisories/14938/
secunia.com/advisories/14992/
www.mikx.de/firelinking/
www.mozilla.org/security/announce/mfsa2005-37.html
www.mozilla.org/security/announce/mfsa2005-43.html
www.osvdb.org/displayvuln.php?osvdb_id=15686
www.securityfocus.net/bid/13216/
xforce.iss.net/xforce/xfdb/20134
bugzilla.mozilla.org/show_bug.cgi?id=204779
bugzilla.mozilla.org/show_bug.cgi?id=290036