Mozilla Issues Fixes For Two Firefox Bugs - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management

Mozilla Issues Fixes For Two Firefox Bugs

Mozilla releases Firefox version 2.0.0.6 right before it's expected to announce new security tools at this week's BlackHat security conference.

Still battling vulnerabilities that could allow the Firefox browser to pass dangerous data to third-party applications like Microsoft's Internet Explorer, Mozilla this week released Firefox 2.0.0.6 to fix the problem.

In mid-July, Mozilla released Firefox 2.0.0.5 with patches for several vulnerabilities, including the "highly critical" security bug that has been plaguing both Firefox and Microsoft's Internet Explorer. On Monday, the open-source group shipped workarounds and patches for two related bugs.

The fixes come right before the opening of the BlackHat security conference in Las Vegas this week. Mozilla is expected to release additional security tools there.

One fix -- MFSA 2007-27 -- takes care of an issue where Mozilla did not percent-encode spaces and double-quotes in URIs handed off to external programs for handling. Mozilla tipped its hat to Jesper Johansson, a researcher the group credits with discovering the problem. The flaw, Mozilla noted in the advisory, means receiving programs can mistakenly interpret a single URI as multiple arguments, and with version 2.0.0.4 and older of Firefox and Thunderbird, it could be used to run arbitrary code.

"A similar issue with URIs passed to external handlers was reported by Billy Rios and Nate McFeters," noted the Mozilla advisory. "When running Firefox on Windows XP with IE7 installed, URIs for certain common protocols (such as mailto:) that contain a %00 do not launch the protocol handler registered for that scheme, but instead launch a file handling program based on the file extension at the end of the URI. Coupled with the issue reported by Jesper Johansson, this appears to allow execution of any program installed at a known location and limited argument passing that might be enough to exploit a system."

The second, and smaller, fix -- MFSA 2007-26 -- corrects a bug that was introduced by the fix for MFSA 2007-20. The vulnerability could enable privilege escalation attacks against add-ons that create "about:blank" windows. A Mozilla researcher, called moz_bug_r_a4, is credited with reporting this bug.

After days of fervent online debate, Mozilla admitted about a week ago that Firefox was as much to blame as IE for the problem that caused dangerous data to be passed to third-party applications.

When the issue first came to light earlier this month, security researcher Thor Larholm called the problem an input validation flaw. He explained in a blog post that when Firefox is installed on a system, it registers a URL protocol handler. When IE encounters a reference to content inside the FirefoxURL URL scheme, it calls ShellExecute with the EXE image path and passes the entire request URL without any input validation.

That means if someone using IE visits a Web page that tries to call a Firefox URL, the Microsoft browser will launch Firefox with no other prompting, passing it the URL. Neither browser, according to Mozilla, sanitizes the URL, which would allow an attacker to make Firefox execute malicious JavaScript code. The user would have to visit a maliciously crafted Web page or open a malicious e-mail. User interaction is required.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll