Maybe someone can explain what "have been fixed in the CVS repository" means. I don't know what good that does those that are using FF or Mozilla, unless that means that a "nightly build" has the patch in it. Note that FF is LESS SECURE than IE. 75% of FF vulnerabilities have NOT been fixed! http://secunia.com/product/4227/ -------------------------
TITLE: Mozilla / Firefox Three Vulnerabilities SECUNIA ADVISORY ID: SA14160 VERIFY ADVISORY: http://secunia.com/advisories/14160/ CRITICAL: Less critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data WHERE: >From remote SOFTWARE: Mozilla Firefox 1.x http://secunia.com/product/4227/ Mozilla Firefox 0.x http://secunia.com/product/3256/ Mozilla 1.7.x http://secunia.com/product/3691/ Mozilla 1.6 http://secunia.com/product/3101/ Mozilla 1.5 http://secunia.com/product/2478/ Mozilla 1.4 http://secunia.com/product/1481/ Mozilla 1.3 http://secunia.com/product/1480/ Mozilla 1.2 http://secunia.com/product/3100/ Mozilla 1.1 http://secunia.com/product/98/ Mozilla 1.0 http://secunia.com/product/97/ Mozilla 0.x http://secunia.com/product/772/ DESCRIPTION: mikx has discovered three vulnerabilities in Mozilla and Firefox, which can be exploited by malicious people to plant malware on a user's system, conduct cross-site scripting attacks and bypass certain security restrictions. 1) Mozilla and Firefox validate an image against the "Content-Type" HTTP header, but uses the file extension from the URL when saving an image after a drag and drop event. This can e.g. be exploited to plant a valid image with an arbitrary file extension and embedded script code (e.g. .bat file) on the desktop by tricking a user into performing a certain drag and drop event. 2) Missing URI handler validation when dragging a "javascript:" URL to another tab can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site by tricking a user into dragging a malicious link to another tab. 3) An error in the restriction of URI handlers loaded via plugins can be exploited to link to certain restricted URIs (e.g. about:config). This can further be exploited to trick a user into changing some sensitive configuration settings. The vulnerabilities have been confirmed in Mozilla 1.7.5 and Firefox 1.0. Other versions may also be affected. SOLUTION: The vulnerabilities have been fixed in the CVS repository. ORIGINAL ADVISORY: 1) http://www.mikx.de/index.php?p=8 2) http://www.mikx.de/index.php?p=9 3) http://www.mikx.de/index.php?p=10 OTHER REFERENCES: 1) https://bugzilla.mozilla.org/show_bug.cgi?id=279945 2) https://bugzilla.mozilla.org/show_bug.cgi?id=280056 3) https://bugzilla.mozilla.org/show_bug.cgi?id=280664 ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
