New Mozilla Flaws Exposed

A trio of newly exposed flaws in Mozilla browsers (including Firefox) was
announced this week by a number of different security researchers.

The download spoofing flaw
was reported by security firm Secunia this
week. This flaw could allow a malicious user to make a downloaded
file appear to be coming from a different source than it actually is, which
could be used to trick users into downloading something that they’re not
expecting.

Bugzilla, Mozilla’s bug tracking system, has assigned repair responsibility
to Mozilla staffer Ben Goodger. According to Mozilla, the bug
carries a “normal” severity rating; Secunia has currently rated it as “less
critical.” Users are warned not to download material from untrusted sources.

Polish security research firm iSEC reported
a buffer overflow bug with the NNTP (newsgroup
protocol). The vulnerability could allow an attacker to potentially execute
arbitrary code when a news:// connection is triggered. The bug exists on at
least Mozilla 1.7.3 and, according to the Mozilla Foundation, it has been fixed
in version 1.7.5.

According to iSEC’s advisory, Mozilla developer Dan Veditz claimed that the bug cannot be exploitable in a
Bugzilla posting. ISEC researcher Maurycy Prodeus, who wrote the advisory, issued proof of concept code that
worked in his test bed environment.

“On my RedHat 9.0 with Mozilla 1.7.3 attached proof of concept code
overflows the buffer using attacker-supplied data,” Prodeus wrote. “I
decided to make this bug public because Mozilla Team hasn’t warned users.”

A third Mozilla vulnerability reported by security firms
ptraced.net
and Gentoo Foundation
has revealed a potential problem with the way Mozilla
Thunderbird and Firefox handle temporary files. Martin from
ptraced.net discovered that temporary files in Thunderbird 0.8 and 0.9.3
were stored with predictable names in a world-readable format, which could
potentially expose a user to risk.

Based on five advisories issued by security research firm Secunia since
August 2004, 80 percent currently remain unpatched.
Secunia stats also illustrate a small level of user
risk, with 80 percent of advisories in the same period bearing a “Less
Critical” label and 0 percent of them being rated as extremely critical (20
percent were rated as moderately critical).

News Around the Web