Critical Flaws Flagged in Mozilla, Thunderbird

The Mozilla Project has issued a warning for a series of “highly critical” security holes in three of its core projects, including its flagship Firefox Web browser and the Thunderbird e-mail client.

The vulnerabilities, which also affect the Mozilla browser, could potentially be exploited by malicious people to conduct cross-site scripting attacks, access and modify sensitive information, and compromise a user’s system.

The open-source group has already fixed the bugs and is urging users to upgrade to Mozilla 1.7.3, Firefox 1.0PR and Thunderbird 0.8.

The news comes just days after the open-source project issued a preview release of Firefox 1.0, which includes an RSS reader that displays “live bookmarks,” a new “Find” tool and an updated plug-in installer.

An advisory released by Secunia warned that the flaws carry a “highly critical” rating.

Secunia listed seven vulnerabilities that affect the Mozilla products, including various boundary errors that can be exploited to cause heap-based buffer overflows when a specially crafted e-mail is forwarded or opened.

A successful attack could lead to the execution of malicious code to completely hijack a vulnerable machine.

Another flaw exists where insufficient restrictions on script-generated events on text fields can be exploited to read and write content from and to the clipboard.

Secunia also warned of a problem with overly long links containing non-ASCII characters that can be exploited via a malicious Web site or e-mail to cause a buffer overflow.

“Integer overflows when parsing and displaying BMP files can potentially be exploited to execute arbitrary code by supplying an overly wide malicious BMP image via a malicious website or in an e-mail,” the research firm said.

It also highlighted a problem with the way Mozilla allows the dragging of links to another window or frame. “This can be exploited by tricking a user on a malicious Web site to drag a specially crafted javascript link to another window,” Secunia said, warning that a malicious attacker could execute script code in the context of that window. “Further exploitation can in combination with another unspecified vulnerability lead to execution of arbitrary code,” the company added.

Ryan Naraine
Ryan Naraine is an eSecurity Planet, ServerWatch, and eWEEK contributor.