1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Firefox Favicon Link Tag Code Exec

HTTP Firefox Favicon Link Tag Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a vulnerability in the Firefox Web browser which allows an attacker to execute arbitrary Javascript through the Favicon link.

Additional Information

Mozilla Suite is a collection of applications including a Web browser and an email client. Mozilla Firefox is a Web browser that supports tabbed browsing. These applications are available for Linux, Apple Mac OS, and Microsoft Windows platforms. Both Mozilla Suite and Firefox support favicon links enabling images to be displayed beside a URI in the address bar.

A remote script code execution vulnerability affects Mozilla Suite and Mozilla Firefox. This issue is due to a failure of the application to deny remote unauthorized access to trusted local interfaces.

The problem presents itself when a malicious favicon link contains a JavaScript URI. Apparently the affected application will execute any JavaScript supplied with the privileges of the affected process, ultimately facilitating code execution.

An attacker may be able to exploit this issue to execute arbitrary script code with the privileges of an unsuspecting user that activated the affected Web browser. This may facilitate the installation and execution of malicious applications on an affected computer.

It should be noted that this issue was previously reported in BID 13208 (Mozilla Suite Multiple Code Execution, Cross-Site Scripting, And Policy Bypass Vulnerabilities); it has been assigned its own BID.

Affected

  • HP HP-UX B.11.00, B.11.11, B.11.22, B.11.23
  • MandrakeSoft Corporate Server 3.0, 3.0 x86_64
  • MandrakeSoft Linux Mandrake 10.1, 10.1 x86_64, 10.2, 10.2 x86_64
  • Mozilla Browser 1.7, 1.7 alpha, 1.7 beta, 1.7 rc1, 1.7 rc2, 1.7 rc3, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6
  • Mozilla Firefox 0.8, 0.9, 0.9 rc, 0.9.1, 0.9.2, 0.9.3, 0.10, 0.10.1, 1.0, 1.0.1, 1.0.2
  • Netscape Navigator 7.0, 7.0.2, 7.1, 7.2
  • Netscape Netscape 7.0, 7.1, 7.2
  • RedHat Advanced Workstation for the Itanium Processor 2.1
  • RedHat Desktop 3.0
  • RedHat Enterprise Linux AS 2.1, AS 3, ES 2.1, ES 3, WS 2.1, WS 3
  • RedHat Fedora Core1, Core2
  • RedHat Linux 7.3, 7.3 i386, 7.3 i686, 9.0 i386
  • S.u.S.E. Linux 8.2, 9.0, 9.0 x86_64, 9.1, 9.1 x86_64
  • S.u.S.E. Linux Desktop 1.0
  • S.u.S.E. Linux Enterprise Server 8, 9
  • S.u.S.E. Linux Personal 9.2, 9.2 x86_64, 9.3
  • S.u.S.E. Novell Linux Desktop 9.0
  • SCO Unixware 7.1.4
  • SGI ProPack 3.0
  • Ubuntu Ubuntu Linux 5.0 4 amd64, 5.0 4 i386, 5.0 4 powerpc

Response

Mozilla has released an advisory along with upgrades dealing with this issue. Please see the reference section for more information.

SCO has released advisory SCOSA-2005.29 to address this issue. Please see the referenced advisory for more information.

SuSE has released advisory SUSE-SA:2005:028 to address this, and other issues in Mozilla. Please see the referenced advisory for further information.

Gentoo Linux has released an advisory (GLSA 200504-18) dealing with this issue. Gentoo advises that all users upgrade their packages by executing the following commands with superuser privileges:

emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.3"

All Mozilla Firefox binary users should upgrade to the latest version:

emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.3"

All Mozilla Suite users should upgrade to the latest version:

emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.7"

All Mozilla Suite binary users should upgrade to the latest version:

emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.7"

For more information, please see the referenced Gentoo Linux advisory.

Turbolinux has released advisory TLSA-2005-49 to address this, and other issues in Mozilla. Users of affected packages are urged to utilize the 'turbopkg', or 'zabom' tools to obtain fixes. Please see the referenced advisory for further information.

RedHat has released advisory RHSA-2005:383-07 to address this, and other issues in RedHat Enterprise Linux, and RedHat Desktop Linux. Please see the referenced advisory for further information.

Red Hat has released advisory RHSA-2005:386-08 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Red Hat has released advisory RHSA-2005:384-11 and fixes to address this
and other issues on Red Hat Linux Enterprise platforms. Customers who are
affected are advised to apply the appropriate updates. Customers
subscribed to the Red Hat Network may apply the appropriate fixes using
the Red Hat Update Agent (up2date). Please see the referenced advisory for
additional information.

SGI has released an advisory 20050501-01-U including updated SGI ProPack 3 Service Pack 5 packages to address this BID and other issues. Please see the referenced advisory for more information.

Ubuntu has released advisory USN-124-1 to address this, and other issues. Please see the referenced advisory for further information.

Ubuntu Linux has released an updated advisory (USN-124-2) addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Mandriva has released advisory MDKSA-2005:088 and fixes to address this issue. Please see the referenced advisory for links to fixed packages.

Mandriva has released an updated advisory MDKSA-2005:088-1 and updated fixes to address a bug in the initial release of the fixes. Please see the referenced advisory for links to fixed packages.

RedHat Fedora Legacy has released advisory FLSA:152883 addressing this and other issues for RedHat Linux 7.3, 9 and for Fedora Core 1 and Core 2. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Netscape Browser 8.0 has been released to address various security issues. Please see the vendor advisory in Web references for more information.

HP advisory HPSBUX01133 (SSRT5940 rev.1 - HP-UX Mozilla remote, unauthorized user may execute privileged code) is available to address various issues affecting Mozilla. Please see the referenced advisory for more information.


Mozilla Browser 1.7:
Mozilla Upgrade Suite 1.7.7

Mozilla Browser 1.7 alpha:
Mozilla Upgrade Suite 1.7.7

Mozilla Browser 1.7 beta:
Mozilla Upgrade Suite 1.7.7

Mozilla Browser 1.7 rc1:
Mozilla Upgrade Suite 1.7.7

Mozilla Browser 1.7 rc2:
Mozilla Upgrade Suite 1.7.7

Mozilla Browser 1.7 rc3:
Mozilla Upgrade Suite 1.7.7

Mozilla Browser 1.7.1:
Mozilla Upgrade Suite 1.7.7

Mozilla Browser 1.7.2:
Mozilla Upgrade Suite 1.7.7

Mozilla Browser 1.7.3:
Mozilla Upgrade Suite 1.7.7

Mozilla Browser 1.7.4:
Mozilla Upgrade Suite 1.7.7

Mozilla Browser 1.7.5:
Mozilla Upgrade Suite 1.7.7

Mozilla Browser 1.7.6:
Mozilla Upgrade Suite 1.7.7

Mozilla Firefox 0.8:
Mozilla Upgrade Firefox 1.0.3

Mozilla Firefox 0.9:
Mozilla Upgrade Firefox 1.0.3

Mozilla Firefox 0.9 rc:
Mozilla Upgrade Firefox 1.0.3

Mozilla Firefox 0.9.1:
Mozilla Upgrade Firefox 1.0.3

Mozilla Firefox 0.9.2:
Mozilla Upgrade Firefox 1.0.3

Mozilla Firefox 0.9.3:
Mozilla Upgrade Firefox 1.0.3

Mozilla Firefox 0.10 :
Mozilla Upgrade Firefox 1.0.3

Mozilla Firefox 0.10.1:
Mozilla Upgrade Firefox 1.0.3

Mozilla Firefox 1.0:
Mozilla Upgrade Firefox 1.0.3

Mozilla Firefox 1.0.1:
Mozilla Upgrade Firefox 1.0.3

Mozilla Firefox 1.0.2:
Mozilla Upgrade Firefox 1.0.3
Ubuntu Upgrade mozilla-firefox-dev_1.0.2-0ubuntu5.2_amd64.deb
Ubuntu Upgrade mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.2_amd64.deb
Ubuntu Upgrade mozilla-firefox-gnome-support_1.0.2-0ubuntu5.2_amd64.deb
Ubuntu Upgrade mozilla-firefox_1.0.2-0ubuntu5.2_amd64.deb
Ubuntu Upgrade mozilla-firefox-dev_1.0.2-0ubuntu5.2_i386.deb
Ubuntu Upgrade mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.2_i386.deb
Ubuntu Upgrade mozilla-firefox-gnome-support_1.0.2-0ubuntu5.2_i386.deb
Ubuntu Upgrade mozilla-firefox_1.0.2-0ubuntu5.2_i386.deb
Ubuntu Upgrade mozilla-firefox-dev_1.0.2-0ubuntu5.2_ia64.deb
Ubuntu Upgrade mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.2_ia64.deb
Ubuntu Upgrade mozilla-firefox-gnome-support_1.0.2-0ubuntu5.2_ia64.deb
Ubuntu Upgrade mozilla-firefox_1.0.2-0ubuntu5.2_ia64.deb
Ubuntu Upgrade mozilla-firefox-dev_1.0.2-0ubuntu5.2_powerpc.deb
Ubuntu Upgrade mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.2_powerpc.deb
Ubuntu Upgrade mozilla-firefox-gnome-support_1.0.2-0ubuntu5.2_powerpc.deb
Ubuntu Upgrade mozilla-firefox_1.0.2-0ubuntu5.2_powerpc.deb

Netscape 7.0 :
Netscape Upgrade Netscape 8.0

Netscape 7.1:
Netscape Upgrade Netscape 8.0

Netscape 7.2:
Netscape Upgrade Netscape 8.0
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube