Get Firefox 3.5.6, Plug Critical Security Holes
The Mozilla Foundation released Firefox version 3.5.5 this November to make the browser a more stable and safer platform. No really, that’s all they said – that “Firefox 3.5.5 is now available for Windows, Mac, and Linux as a free download” and that users are “strongly recommend” to upgrade.
On the 15th of December, just as scheduled, the Mozilla Foundation started to push out Firefox 3.5.6 to users all over the world. This update is also meant to make Firefox safer and more stable – but this time we have a few more details. We know that on the security front, Firebox 3.5.6 fixes a total of 7 security vulnerabilities (3 critical). Let’s take a close look at these vulnerabilities.
Rating: Critical
Description: Several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances
Credit: Mozilla developers and community. Rating: Critical
Description: Several bugs in liboggplay which posed potential memory safety issues. The bugs could potentially be used by an attacker to crash a victim's browser and execute arbitrary code on their computer.
Credit: Mozilla Rating: Critical
Description: Integer overflow in the Theora video library. A video's dimensions were being multiplied together and used in particular memory allocations. When the video dimensions were sufficiently large, the multiplication could overflow a 32-bit integer resulting in too small a memory buffer being allocated for the video. An attacker could use a specially crafted video to write data past the bounds of this buffer, causing a crash and potentially running arbitrary code on a victim's computer.
Credit: Security Researcher Dan Kaminsky Rating: High
Description: NTLM credentials from one application could be forwarded to another arbitary application via the browser. If an attacker could get a user to visit a web page he controlled he could force NTLM authenticated requests to be forwarded to another application on behalf of the user.
Credit: Security researcher Takehiro Takahashi, IBM X-Force Rating: Moderate
Description: When a page loaded over an insecure protocol, such as http: or file:, sets its document.location to a https: URL which responds with a 204 status and empty response body, the insecure page will receive SSL indicators near the location bar, but will not have its page content modified in any way. This could lead to a user believing they were on a secure page when in fact they were not.
Credit: Security Researcher Jonathan Morgan Rating: Moderate
Description: a content window which is opened by a chrome window retains a reference to the chrome window via the window.opener property. Using this reference, content in the new window can access functions inside the chrome window, such as eval, and use these functions to run arbitrary JavaScript code with chrome privileges. There may be add-ons which open potentially hostile web-content in this way, and combined with such an add-on the severity of this flaw could be upgraded to Critical.
Credit: Security Researcher David James.
Rating: Low
Description: the exception messages generated by Mozilla's GeckoActiveXObject differ based on whether or not the requested COM object's ProgID is present in the system registry. A malicious site could use this vulnerability to enumerate a list of COM objects installed on a user's system and create a profile to track the user across browsing sessions.
Credit: Security Researcher Gregory Fleischer
If you would like to get Firefox 3.5.6, a download location is available here.
If you already have Firefox 3.5 installed on your machine, manually check for updates by clicking Help -> Check for Updates.
On the 15th of December, just as scheduled, the Mozilla Foundation started to push out Firefox 3.5.6 to users all over the world. This update is also meant to make Firefox safer and more stable – but this time we have a few more details. We know that on the security front, Firebox 3.5.6 fixes a total of 7 security vulnerabilities (3 critical). Let’s take a close look at these vulnerabilities.
Rating: Critical
Description: Several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances
Credit: Mozilla developers and community. Rating: Critical
Description: Several bugs in liboggplay which posed potential memory safety issues. The bugs could potentially be used by an attacker to crash a victim's browser and execute arbitrary code on their computer.
Credit: Mozilla Rating: Critical
Description: Integer overflow in the Theora video library. A video's dimensions were being multiplied together and used in particular memory allocations. When the video dimensions were sufficiently large, the multiplication could overflow a 32-bit integer resulting in too small a memory buffer being allocated for the video. An attacker could use a specially crafted video to write data past the bounds of this buffer, causing a crash and potentially running arbitrary code on a victim's computer.
Credit: Security Researcher Dan Kaminsky Rating: High
Description: NTLM credentials from one application could be forwarded to another arbitary application via the browser. If an attacker could get a user to visit a web page he controlled he could force NTLM authenticated requests to be forwarded to another application on behalf of the user.
Credit: Security researcher Takehiro Takahashi, IBM X-Force Rating: Moderate
Description: When a page loaded over an insecure protocol, such as http: or file:, sets its document.location to a https: URL which responds with a 204 status and empty response body, the insecure page will receive SSL indicators near the location bar, but will not have its page content modified in any way. This could lead to a user believing they were on a secure page when in fact they were not.
Credit: Security Researcher Jonathan Morgan Rating: Moderate
Description: a content window which is opened by a chrome window retains a reference to the chrome window via the window.opener property. Using this reference, content in the new window can access functions inside the chrome window, such as eval, and use these functions to run arbitrary JavaScript code with chrome privileges. There may be add-ons which open potentially hostile web-content in this way, and combined with such an add-on the severity of this flaw could be upgraded to Critical.
Credit: Security Researcher David James.
Rating: Low
Description: the exception messages generated by Mozilla's GeckoActiveXObject differ based on whether or not the requested COM object's ProgID is present in the system registry. A malicious site could use this vulnerability to enumerate a list of COM objects installed on a user's system and create a profile to track the user across browsing sessions.
Credit: Security Researcher Gregory Fleischer
If you would like to get Firefox 3.5.6, a download location is available here.
If you already have Firefox 3.5 installed on your machine, manually check for updates by clicking Help -> Check for Updates.
