New Mozilla Flaws Exposed
Security firms report three new ones this week.
A trio of newly exposed flaws in Mozilla browsers (including Firefox) was announced this week by a number of different security researchers.
The download spoofing flaw was reported by security firm Secunia this week. This flaw could allow a malicious user to make a downloaded file appear to be coming from a different source than it actually is, which could be used to trick users into downloading something that they're not expecting.
Bugzilla, Mozilla's bug tracking system, has assigned repair responsibility to Mozilla staffer Ben Goodger. According to Mozilla, the bug carries a "normal" severity rating; Secunia has currently rated it as "less critical." Users are warned not to download material from untrusted sources.
Polish security research firm iSEC reported a buffer overflow bug with the NNTP (newsgroup protocol). The vulnerability could allow an attacker to potentially execute arbitrary code when a news:// connection is triggered. The bug exists on at least Mozilla 1.7.3 and, according to the Mozilla Foundation, it has been fixed in version 1.7.5.
According to iSEC's advisory, Mozilla developer Dan Veditz claimed that the bug cannot be exploitable in a Bugzilla posting. ISEC researcher Maurycy Prodeus, who wrote the advisory, issued proof of concept code that worked in his test bed environment.
"On my RedHat 9.0 with Mozilla 1.7.3 attached proof of concept code overflows the buffer using attacker-supplied data," Prodeus wrote. "I decided to make this bug public because Mozilla Team hasn't warned users."
A third Mozilla vulnerability reported by security firms ptraced.net and Gentoo Foundation has revealed a potential problem with the way Mozilla Thunderbird and Firefox handle temporary files. Martin from ptraced.net discovered that temporary files in Thunderbird 0.8 and 0.9.3 were stored with predictable names in a world-readable format, which could potentially expose a user to risk.
Based on five advisories issued by security research firm Secunia since August 2004, 80 percent currently remain unpatched. Secunia stats also illustrate a small level of user risk, with 80 percent of advisories in the same period bearing a "Less Critical" label and 0 percent of them being rated as extremely critical (20 percent were rated as moderately critical).