HTTP: Mozilla Firefox XBL Event Handler Tags Removal Memory Corruption

There exists a memory corruption vulnerability in Mozilla Foundation's family of browser products. The flaw exists in the XBL (Extensible Binding Language) component and specifically happens via dynamic manipulation of XUL Tags inside Event Handlers. A remote attacker can exploit this vulnerability to execute arbitrary code in the security context of the target browser. An attack targeting this vulnerability can result in the injection and execution of arbitrary code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any injected code will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Firefox may terminate abnormally.

Extended Description

The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.7 and prior versions. These vulnerabilities allow attackers to: - Execute arbitrary code due to memory corruption. - Carry out content spoofing and phishing attacks. - Gain unauthorized access to files on a user's computer running the Linux operating system. - Execute script code with elevated privileges. Other attacks may also be possible. These issues are present in Firefox 2.0.0.7 and prior versions. Mozilla Thunderbird 2.0.0.7 and prior versions as well as SeaMonkey 1.1.4 and prior versions are also affected by many of these vulnerabilities.

Affected Products

Mozilla camino

References

BugTraq: 26132

CVE: CVE-2007-5339

Short Name

HTTP:STC:MOZILLA:XBL-TAG-RM

Severity

Major

Recommended

False

Recommended Action

Drop

HTTP: Mozilla Firefox XBL Event Handler Tags Removal Memory Corruption

Extended Description

Affected Products

References

Found a potential security threat?