ITS ADVISORY NUMBER:
Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution
Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey applications, which could allow remote code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Thunderbird is an e-mail client. Mozilla SeaMonkey is a cross-platform Internet suite of tools ranging from a web browser to an e-mail client. Successful exploitation of these vulnerabilities could result in either an attacker gaining the same privileges as the logged-on user, or gaining session authentication credentials. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
- Firefox versions prior to 17.0
- Firefox Extended Support Release (ESR) versions prior to 10.0.11
- Thunderbird versions prior to 17.0
- Thunderbird Extended Support Release (ESR) versions prior to 10.0.11
- SeaMonkey versions prior to 2.14
- Large and medium government entities: High
- Small government entities: High
- Large and medium business entities: High
- Small business entities: High
- Home users: High
Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. The details of these vulnerabilities are as follows:
- Multiple memory-corruption vulnerabilities in the browser engine that could lead to arbitrary code execution. These issues affect Firefox, Thunderbird, and SeaMonkey. [MFSA 2012-91 - CVE-2012-5842, CVE-2012-5843]
- A buffer overflow vulnerability occurs while rendering GIF format images. This issue affects Firefox, Thunderbird, and SeaMonkey. [MFSA 2012-92 - CVE-2012-4202]
- A cross-site scripting vulnerability occurs when the 'evalInSandbox()' function sets a 'location.href' location reference. This issue affects Firefox, Thunderbird, and SeaMonkey. [MFSA 2012-93 - CVE-2012-4201]
- A denial-of-service vulnerability occurs when the SVG text on a path is combined with the setting of CSS properties. This issue affects Firefox, Thunderbird, and SeaMonkey. [MFSA 2012-94 - CVE-2012-5836]
- A cross-site request forgery vulnerability and an information leakage vulnerability occur when 'XMLHttpRequest' objects created within sandboxes have the system principal instead of the sandbox principal. This issue affects Firefox, Thunderbird, and SeaMonkey. [MFSA 2012-97 - CVE-2012-4205]
- A DLL hijacking vulnerability occurs that leads to arbitrary code execution from a privileged account. This issue affects Firefox. [MFSA 2012-98 - CVE-2012-4206]
- A security-bypass vulnerability occurs because the 'XrayWrappers' object exposes chrome-only properties even when not present in a chrome compartment. [MFSA 2012-99 - CVE-2012-4208]
- A cross-site scripting vulnerability occurs due to improper security filtering for cross-origin wrappers. [MFSA 2012-100 - CVE-2012-5841]
- A cross-site scripting vulnerability occurs due to improper character decoding in the HZ-GB-2312 charset. [MFSA 2012-101 - CVE-2012-4207]
- An arbitrary code execution vulnerability and a cross-site scripting vulnerability occur when the script entered into the Developer Toolbar runs with chrome privileges. This issue affects Firefox. [MFSA 2012-102 - CVE-2012-5837]
- A cross-site scripting vulnerability occurs when the location property is set to top and can be accessed by binary plugins through top.location with a frame. [MFSA 2012-103 - CVE-2012-4209]
- A CSS and HTML injection vulnerability occurs when a maliciously crafted stylesheet is inspected in the Style Inspector. This issue affects Firefox. [MFSA 2012-104 - CVE-2012-4210]
- Multiple buffer overflow and use-after-free vulnerabilities occur that lead to remote code execution. [MFSA 2012-105 - CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218]
- Multiple buffer overflow and use-after-free vulnerabilities occur that lead to remote code execution. [MFSA 2012-106 - CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5838]
Successful exploitation of these vulnerabilities could result in either an attacker gaining the same privileges as the logged-on user, or gaining session authentication credentials. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend the following actions be taken:
- Upgrade vulnerable Mozilla products immediately after appropriate testing.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
- Remind users not to open e-mail attachments from unknown users or suspicious e-mails from trusted sources.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
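To find the installs that need the upgrade, the affected-version list above can be applied to a software inventory. The following is an added example, not part of the original advisory: the inventory layout, its "channel" field (release or esr), the host names and the function names are assumptions. It keeps the ESR branch separate, since an ESR 10.0.11 install is fixed even though it is numerically below 17.0, and it flags anything it cannot parse for manual review.

```python
# Added example. FIXED holds the first non-vulnerable versions from the
# affected list in this advisory, keyed by (product, channel).
FIXED = {
    ("firefox", "release"): (17, 0),
    ("firefox", "esr"): (10, 0, 11),
    ("thunderbird", "release"): (17, 0),
    ("thunderbird", "esr"): (10, 0, 11),
    ("seamonkey", "release"): (2, 14),
}

# Constructed sample inventory: (host, product, channel, version).
# The "channel" field is an assumption about what the inventory records.
SAMPLE_INVENTORY = [
    ("ws-01", "Firefox", "release", "16.0.2"),
    ("ws-02", "Firefox", "esr", "10.0.11"),
    ("ws-03", "Thunderbird", "esr", "10.0.10"),
    ("ws-04", "SeaMonkey", "release", "2.14"),
    ("ws-05", "Firefox", "release", "17"),
    ("ws-06", "Thunderbird", "release", "17.0b1"),
]

def parse_version(text):
    """Turn '10.0.11' into (10, 0, 11); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def status(product, channel, version):
    """Return 'affected', 'fixed', or 'review' for one installed product."""
    fixed = FIXED.get((product.lower(), channel.lower()))
    if fixed is None:
        return "review"          # product/channel not covered by the table
    try:
        installed = parse_version(version)
    except ValueError:
        return "review"          # e.g. beta suffixes: check by hand
    # Pad to equal length so that '17' compares equal to '17.0'.
    width = max(len(installed), len(fixed))
    installed += (0,) * (width - len(installed))
    fixed += (0,) * (width - len(fixed))
    return "affected" if installed < fixed else "fixed"

def triage(inventory):
    """Map each inventory row to (host, status)."""
    return [(host, status(product, channel, version))
            for host, product, channel, version in inventory]

if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY):
        print(host, result)
```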