# Mozilla Multiple Vulnerabilities



## jgvernonco (Sep 13, 2003)

Mozilla Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA10856

VERIFY ADVISORY:
http://secunia.com/advisories/10856/

CRITICAL:
Moderately critical

IMPACT:
Spoofing, Exposure of sensitive information, DoS, System access

WHERE:
From remote

SOFTWARE:
Mozilla Firefox 0.x
http://secunia.com/product/3256/
Mozilla 1.6
http://secunia.com/product/3101/
Mozilla 1.5
http://secunia.com/product/2478/
Mozilla 1.4
http://secunia.com/product/1481/
Mozilla 1.3
http://secunia.com/product/1480/
Mozilla 1.2
http://secunia.com/product/3100/
Mozilla 1.1
http://secunia.com/product/98/
Mozilla 1.0
http://secunia.com/product/97/
Mozilla 0.x
http://secunia.com/product/772/
Mozilla Thunderbird 0.x
http://secunia.com/product/2637/

DESCRIPTION:
The vendor has released details about some older vulnerabilities in
Mozilla, Mozilla Firefox, and Thunderbird. These can potentially be
exploited by malicious people to conduct spoofing attacks, compromise
a vulnerable system, or cause a DoS (Denial of Service).

1) Malicious POP3 mail servers can cause an heap overflow in Mozilla
and obtain system access.

2) A malicious page can appear to be encrypted and present the
certificate of another site.

3) Mozilla doesn't verify if stored credentials should be used for a
HTTPS or HTTP connection. This can potentially lead to the password
being sent over an unencrypted HTTP connection.

4) Certificate name matching is done insecurely for non-FQDNs (Fully
Qualified Domain Name), which may be used for spoofing attacks.

5) Malicious websites can interfere with the operations in other
windows and cause a DoS. However, it is not possible to alter or read
any data.

6) Users can be tricked into dragging text into obscured file upload
controls, resulting in theft of a local file from a known location.

7) The PNG library (libpng) contains an out-of-bounds read
vulnerability, which can be exploited by malicious people to cause a
DoS.

Some other older issues were also reported.

These vulnerabilities reportedly affect versions prior to the
following:
* Mozilla 1.7
* Firefox 0.9
* Thunderbird 0.7

NOTE: These issues have all been fixed by the vendor. However, the
details have not been disclosed earlier.

SOLUTION:
The vulnerabilities have reportedly been fixed in:
* Mozilla 1.7 and higher
* Firefox 0.9 and higher
* Thunderbird 0.7 and higher

PROVIDED AND/OR DISCOVERED BY:
1) zen-p****
2) Tolga Tarhan
3) Christopher Nebergall
4) Tim Dierks
5) Jesse Ruderman
6) Jesse Ruderman
7) Glenn Randers-Pehrson

OTHER REFERENCES:
1) http://bugzilla.mozilla.org/show_bug.cgi?id=229374
2) http://bugzilla.mozilla.org/show_bug.cgi?id=240053
3) http://bugzilla.mozilla.org/show_bug.cgi?id=226278
4) http://bugzilla.mozilla.org/show_bug.cgi?id=234058
5) http://bugzilla.mozilla.org/show_bug.cgi?id=86028
6) http://bugzilla.mozilla.org/show_bug.cgi?id=206859
7) http://bugzilla.mozilla.org/show_bug.cgi?id=242915


----------

