Home / Cyber Advisories

---

MS-ISAC ADVISORY NUMBER:
2009-036

DATE(S) ISSUED:
6/16/2009

SUBJECT:
Multiple Vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird could allow for Remote Code Execution

OVERVIEW:

Multiple vulnerabilities have been discovered in the Mozilla Firefox, SeaMonkey, and Thunderbird applications which could allow remote code execution. The Mozilla Firefox and Thunderbird applications are used to browse the web, and handle email respectively. SeaMonkey is a cross platform Internet suite of tools ranging from a web browser to an email client.

The Mozilla suite of applications (Firefox, SeaMonkey, and Thunderbird) utilize the same framework to display application specific information (e.g. HTML pages, emails, IRC chats). Exploitation can occur if a user visits a webpage or opens a malicious file specifically crafted to take advantage of these vulnerabilities. Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts may result in a denial-of-service condition.

SYSTEMS AFFECTED:

• Mozilla Firefox 0.8.0 - 3.0.10
• Mozilla SeaMonkey 1.0 - 1.1.9
• Mozilla Thunderbird 0.6.0 - 2.0.0.21
  

RISK:

Government:
Large and medium government entities: High
Small government entities: High

Businesses:
Large and medium business entities: High
Small business entities: High

Home users: High

DESCRIPTION:
Multiple vulnerabilities exist in Mozilla Firefox, Thunderbird and the SeaMonkey suite that could allow remote code execution. These vulnerabilities all involve memory corruption due to the following three issues: invalid parameters, excessive data, and window/frame location.

The first two vulnerabilities exist in the parsing functions which are embedded in the browsing engine related to: window location, unicode issues, listbox data listing, style issues, and built-in HTML editing. The final vulnerability exists due to the improper handling of parameters as a result of a double frame construction, which could lead to a browser crash. A web page containing a large amount of data, erroneous memory addresses, or machine code could exploit these vulnerabilities.

These vulnerabilities can be exploited if a user visits a malicious webpage or opens a malicious file, including e-mail attachments, using a vulnerable version of Mozilla Firefox/Thunderbird/SeaMonkey. Successful exploitation may result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts may result in denial-of-service conditions.

Note: A patch is available for these vulnerabilities and with the exception of the primary browser engine issue, no exploit code is available. At this time we have not received any reports of these vulnerabilities being exploited.

RECOMMENDATIONS:
We recommend the following actions be taken:

• Do not visit un-trusted websites or follow links provided by unknown or un-trusted sources.
• Configure email-clients to view messages in plain-text format, rather than RTF or HTML format.
• Apply the appropriate update to vulnerable systems immediately after appropriate testing.

REFERENCES:

Security Focus:
http://www.securityfocus.com/bid/35370
http://www.securityfocus.com/bid/35371
http://www.securityfocus.com/bid/35372

Mozilla:
http://www.mozilla.org/security/announce/2009/mfsa2009-24.html

Secunia:
http://secunia.com/advisories/35331/

CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1832

Copyright © 2010 - Privacy Policy - Contact Us