Notizie: puoi sempre seguire i nostri aggiornamenti su Twitter (@MozillaItalia) e Facebook (/MozillaItalia)

Autore Topic: SecutityFocus: Una carrellata di vulnerabilità su Mozilla  (Letto 4012 volte)

0 Utenti e 1 Visitatore stanno visualizzando questo topic.

Offline Gioxx

  • Amministratore
  • Post: 7732
    • Gioxx's Wall
Sembra un mega allarme quello scatenato dal sito SecurityFocus.com, una fra le autorità in fatto di sicurezza reperibile sulla grande rete. Ma quello che sembra essere un boom di bachi sui prodotti Mozilla, si rivela un autentico flop. Infatti tutte le vulnerabilità rese pubbliche, non comprendono tra i sw vulnerabili, l'ultima versione di FireFox (1.0), di Mozilla Suite (1.7.5) e Mozilla ThunderBird (1.0).

Ma andiamo ad analizzare le vulnerabilità con un pò più di calma:

Mozilla Browser Network News Transport Protocol Remote Heap Overflow Vulnerability

Vulnerabilità scoperta il: Dec 29, 2004 quando già erano presenti FireFox 1.0 e Mozilla Suite 1.7.5

Exploit:
Codice: [Seleziona]
<html>
<script>
i = "news://news.individual.net/AAAAAAAAAAAAAA?";
for(l = 0; l < 16376; l++)
i=i+"A";
i=i+"/?profile/";
for(l = 0; l < 16384; l++)
i=i+"A";
i=i+"\\";
window.open(i);
</script>
</html>


SW Vulnerabili:
  • Mozilla Browser 1.0

   + MandrakeSoft Linux Mandrake 8.2
   + MandrakeSoft Linux Mandrake 8.2 ppc
   + RedHat Linux 8.0
   + RedHat Linux 8.0 i386
  • Mozilla Browser 1.0.1
  • Mozilla Browser 1.0.2

   + RedHat Advanced Workstation for the Itanium Processor 2.1
   + RedHat Enterprise Linux AS 2.1
   + RedHat Enterprise Linux AS 2.1 IA64
   + RedHat Enterprise Linux ES 2.1
   + RedHat Enterprise Linux ES 2.1 IA64
   + RedHat Enterprise Linux WS 2.1
   + RedHat Enterprise Linux WS 2.1 IA64
   + Sun Linux 5.0.7
  • Mozilla Browser 1.1
  • Mozilla Browser 1.2
  • Mozilla Browser 1.2.1
  • Mozilla Browser 1.3
  • Mozilla Browser 1.3.1
  • Mozilla Browser 1.4 b
  • Mozilla Browser 1.4 a
  • Mozilla Browser 1.4

   + MandrakeSoft Linux Mandrake 9.2
   + MandrakeSoft Linux Mandrake 9.2 amd64
  • Mozilla Browser 1.4.1
  • Mozilla Browser 1.4.2
  • Mozilla Browser 1.5
  • Mozilla Browser 1.5.1
  • Mozilla Browser 1.6
  • Mozilla Browser 1.7 rc3
  • Mozilla Browser 1.7 rc2
  • Mozilla Browser 1.7 rc1
  • Mozilla Browser 1.7
  • Mozilla Browser 1.7.1
  • Mozilla Browser 1.7.2
  • Mozilla Browser 1.7.3
  • [/list:u]

Citazione
A remote heap overflow vulnerability affects Mozilla Browser's network news transport protocol (NNTP) functionality. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into dynamically allocated process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.


http://www.securityfocus.com/bid/12131/info/

FireFox 1.0 e Mozilla Suite 1.7.5 passano tranquillamente il test di vulnerabilità.
________________________________________________________

Mozilla Temporary File Insecure Permissions Information Disclosure Vulnerability

Vulnerabilità scoperta il: Oct 25, 2004 e aggiornata il     Jan 05, 2005 quando già sono presenti FireFox 1.0 e Mozilla Suite 1.7.5

Exploit:
Codice: [Seleziona]
An exploit is not required / Non è richiesto alcun exploit

SW Vulnerabili:
  • Mozilla Browser 1.7 rc3
  • Mozilla Browser 1.7 rc2
  • Mozilla Browser 1.7 rc1
  • Mozilla Browser 1.7 beta
  • Mozilla Browser 1.7 alpha
  • Mozilla Browser 1.7
  • Mozilla Browser 1.7.1
  • Mozilla Browser 1.7.2
  • Mozilla Browser 1.7.3
  • Mozilla Browser 1.8 Alpha 4
  • Mozilla Browser 1.8 Alpha 3
  • Mozilla Browser 1.8 Alpha 2
  • Mozilla Browser 1.8 Alpha 1
  • Mozilla Firefox Preview Release
  • Mozilla Firefox 0.9 rc
  • Mozilla Firefox 0.9
  • Mozilla Firefox 0.9.1
  • Mozilla Firefox 0.9.2
  • Mozilla Firefox 0.9.3
  • Mozilla Firefox 0.10
  • Mozilla Firefox 0.10.1
  • Mozilla Thunderbird 0.6
  • Mozilla Thunderbird 0.7
  • Mozilla Thunderbird 0.7.1
  • Mozilla Thunderbird 0.7.2
  • Mozilla Thunderbird 0.7.3
  • Mozilla Thunderbird 0.8
  • [/list:u]

Citazione
Mozilla, Mozilla Firefox, and Mozilla Thunderbird are all reported susceptible to an information disclosure vulnerability. This issue is due to a failure of the applications to properly ensure secure file permissions on temporary files located in world-accessible locations.

This vulnerability allows local attackers to gain access to the contents of potentially sensitive files. This may aid them in further attacks.


http://www.securityfocus.com/bid/11522/info/

Mozilla FireFox 1.0, ThunderBird 1.0 e Suite 1.7.5 non risultano vulnerabili
________________________________________________________

Multiple Browser IMG Tag Multiple Vulnerabilities
Si tratta di un baco decisamente più serio e che affligge anche i prodotti MS oltre che quelli Mozilla.

Vulnerabilità scoperta il: Nov 10, 2004 quando già era presente FireFox 1.0

Exploit:
Codice: [Seleziona]
The following proof of concept is available:
<img src="file:///c|/nonexistent/content.gif">
<img src="file:///c|/windows/content.gif">

<script>
onload =function(){
incl=(document.images[0].width!=document.images[1].width)? "" :"not ";
alert("Windows is "+ incl +"installed in C:/WINDOWS/");
}
</script>


SW Vulnerabili:
  • Microsoft Internet Explorer 6.0 SP2
  • Microsoft Internet Explorer 6.0 SP1
  • Microsoft Internet Explorer 6.0

   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Datacenter Server
   - Microsoft Windows 2000 Datacenter Server SP1
   - Microsoft Windows 2000 Datacenter Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows 2000 Server
   - Microsoft Windows 2000 Server SP1
   - Microsoft Windows 2000 Server SP2
   - Microsoft Windows 2000 Terminal Services
   - Microsoft Windows 2000 Terminal Services SP1
   - Microsoft Windows 2000 Terminal Services SP2
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT Enterprise Server 4.0 SP6a
   - Microsoft Windows NT Server 4.0 SP6a
   - Microsoft Windows NT Workstation 4.0 SP6a
   + Microsoft Windows Server 2003 Datacenter Edition
   + Microsoft Windows Server 2003 Datacenter Edition 64-bit
   + Microsoft Windows Server 2003 Enterprise Edition
   + Microsoft Windows Server 2003 Enterprise Edition 64-bit
   + Microsoft Windows Server 2003 Standard Edition
   + Microsoft Windows Server 2003 Web Edition
   + Microsoft Windows XP Home
   + Microsoft Windows XP Professional
  • Mozilla Firefox 0.8
  • Mozilla Firefox 0.9 rc
  • Mozilla Firefox 0.9
  • Mozilla Firefox 0.9.1
  • Mozilla Firefox 0.9.2
  • Mozilla Firefox 0.9.3
  • Mozilla Firefox 0.10
  • Mozilla Firefox 0.10.1
  • Netscape Navigator 7.0
  • Netscape Navigator 7.0.2
  • Netscape Navigator 7.1
  • Netscape Navigator 7.2
  • Netscape Netscape 7.0
  • [/list:u]

Citazione
Various browsers are reported prone to multiple vulnerabilities in the image handling functionality through the tag. These issues can allow remote attackers to determine the existence of local files, cause a denial of service condition, and disclose passwords for Windows systems via file shares.

Mozilla Firefox 0.10.1 and prior versions are reported vulnerable to these issues. It is alleged that Microsoft Internet Explorer and Netscape Browsers are also vulnerable to these issues. Due to this vulnerable packages for Internet Explorer and Netscape have been added. This BID will be updated as more information becomes available.


http://www.securityfocus.com/bid/11648/info/

Mozilla FireFox 1.0 supera tranquillamente i test di vulnerabilità al contrario di Internet Explorer 6 SP2 su Windows XP PRO SP2
________________________________________________________

Mozilla Firefox Download Dialogue Box File Name Spoofing Vulnerability

Vulnerabilità scoperta il: Nov 10, 2004 quando giè era disponibile Mozilla FireFox 1.0

Exploit:
Codice: [Seleziona]
An exploit is not required / Non è richiesto alcun exploit

SW Vulnerabili:
  • Mozilla Firefox 0.8
  • Mozilla Firefox 0.9
  • Mozilla Firefox 0.9.1
  • Mozilla Firefox 0.9.2
  • Mozilla Firefox 0.9.3
  • Mozilla Firefox 0.10
  • Mozilla Firefox 0.10.1
  • [/list:u]

Citazione
A download dialogue box file name spoofing vulnerability affects Mozilla Firefox. This issue is due to a design error that facilitates the spoofing of file names.

An attacker may leverage this issue to spoof downloaded file names to unsuspecting users. This issue may lead to a compromise of the target computer as well as other consequences.

NOTE: This issue has been fixed by reducing the number of space characters displayed in the dialogue box. It should be noted that this issue may still be triggered by using other characters to fill the space such as non-displayable characters and even extremely long file names. Users should be cautious about downloading files with the affected application.


http://www.securityfocus.com/bid/11643/info/

Mozilla FireFox 1.0 non risulta vulnerabile
________________________________________________________

Mozilla Firefox Insecure Default Installation Vulnerability

Vulnerabilità scoperta il: Nov 10, 2004 quando già era disponibile Mozilla FireFox 1.0

Exploit:
Codice: [Seleziona]
An exploit is not required / Non è richiesto alcun exploit

SW Vulnerabili:
  • Mozilla Firefox 0.8
  • Mozilla Firefox 0.9
  • Mozilla Firefox 0.9.1
  • Mozilla Firefox 0.9.2
  • Mozilla Firefox 0.9.3
  • Mozilla Firefox 0.10
  • Mozilla Firefox 0.10.1
  • [/list:u]

Citazione
Mozilla Firefox is a Web browser developed and supported by the Mozilla Organization. It is freely available for most UNIX and Linux based operating systems as well as Microsoft Windows.

An insecure default installation vulnerability affects Mozilla Firefox. This issue is due to a failure of the application to place secure permissions on installed files. It should be noted that this issue only affects the vulnerable application installed on the Apple Mac OS X platform.

An unsuspecting user that double-clicks on such an affected application may have attacker-specified code executing with their privileges, potentially facilitating privilege escalation.


http://www.securityfocus.com/bid/11644/info/

Mozilla FireFox 1.0 non risulta vulnerabile
________________________________________________________



Questo è quanto. Spero che abbiate l'ultima versione di FireFox! Buon lavoro a tutti.

Saluti.

Offline maxum

  • Post: 151
SecutityFocus: Una carrellata di vulnerabilità su Mozilla
« Risposta #1 il: 09 Gennaio 2005 13:08:26 »
mi sembra un complotto!!!
sollevare agli occhi tutte queste vulnerabilità...  mi sembra strano!

Offline halifax

  • Post: 5904
SecutityFocus: Una carrellata di vulnerabilità su Mozilla
« Risposta #2 il: 27 Gennaio 2005 16:38:35 »
:? La fondazione mozilla ha diffuso la lista dei  bug corretti nei suoi prodotti:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Ciao :)

0 Utenti e 1 Visitatore stanno visualizzando questo topic.