Zero Day

Ryan Naraine and Dancho Danchev

Firefox dirty dozen: Mozilla patches 'critical' browser flaws

By Ryan Naraine | October 20, 2010, 7:43am PDT

Summary: Mozilla has released Firefox 3.6.11 with patches for a dozen security holes, some serious enough to launch attacks if a user simply surfs to a booby-trapped website.

In all, the open-source browser maker released nine bulletins documenting 12 security vulnerabilities. Five of the bulletins are rated “critical,” meaning that those vulnerabilities can be exploited to run attacker code and install software with no user interaction beyond normal browsing.

Here’s the raw information on the critical updates:

MFSA 2010-71 Unsafe library loading vulnerabilities

Mozilla developer Ehsan Akhgari reported that a function used to load external libraries on Windows platforms was using a relative path to a DLL-loading application and was thus vulnerable to binary planting if an attacker was able to place an executable of the same name in the current working directory or any of the other locations that Windows searches for executables.

Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on, the attacker could have their library loaded instead of the legitimate library.
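The Linux half of MFSA 2010-71 comes down to how a launcher script assembles LD_LIBRARY_PATH. The script below is an added example, not Mozilla's launcher or any code from the advisory: it shows the shell idiom that leaves an empty path component behind when the inherited variable is unset, the corrected idiom, and a check a defender can run against any colon-separated search path. The directory `/opt/app/lib` and the function names are constructed for the example; the behaviour it relies on is that the GNU dynamic loader treats an empty component in LD_LIBRARY_PATH as the current working directory.

```shell
#!/bin/sh
# Added example (not Mozilla's launcher code): why an unguarded
# "$dir:$LD_LIBRARY_PATH" prepend can hand the current working directory
# to the dynamic loader, and how to detect and avoid it.

# The risky idiom: prepend an application directory to whatever the
# environment already held. When LD_LIBRARY_PATH is unset or empty the
# result ends in ":", and ld.so reads that empty component as ".",
# i.e. the directory the user launched the program from.
build_unsafe() {
    app_dir="$1"
    inherited="$2"
    printf '%s:%s' "$app_dir" "$inherited"
}

# The fixed idiom: add the separator only when there is something to append.
build_safe() {
    app_dir="$1"
    inherited="$2"
    if [ -n "$inherited" ]; then
        printf '%s:%s' "$app_dir" "$inherited"
    else
        printf '%s' "$app_dir"
    fi
}

# Returns 0 (true) when a colon-separated search path contains an empty
# component (leading ":", trailing ":" or "::") or an explicit "." entry,
# both of which resolve to the current working directory; returns 1
# otherwise. A completely empty string has no components and is not flagged.
has_cwd_component() {
    search_path="$1"
    [ -n "$search_path" ] || return 1
    case "$search_path" in
        :*|*:|*::*|.|.:*|*:.|*:.:*) return 0 ;;
    esac
    return 1
}

# Audits the calling shell's own LD_LIBRARY_PATH; returns 0 when a
# current-directory component is present, 1 otherwise.
check_current_env() {
    has_cwd_component "${LD_LIBRARY_PATH-}"
}

# Demonstration on constructed values: contrast the two idioms with an
# unset inherited variable and with a populated one.
demo() {
    for inherited in "" "/usr/local/lib"; do
        unsafe=$(build_unsafe /opt/app/lib "$inherited")
        safe=$(build_safe /opt/app/lib "$inherited")
        for candidate in "$unsafe" "$safe"; do
            if has_cwd_component "$candidate"; then
                printf 'RISKY  %s\n' "$candidate"
            else
                printf 'ok     %s\n' "$candidate"
            fi
        done
    done
}

demo
```

The check is deliberately conservative: it flags the string shape, not the loader's eventual behaviour, so a launcher that is later fixed to use `build_safe` passes while any script that still produces a trailing colon is caught before it ever reaches ld.so.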

MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter

Security researcher regenrecht reported that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory.

MFSA 2010-66 Use-after-free error in nsBarProp

Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window’s memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory.

MFSA 2010-65 Buffer overflow and memory corruption using document.write

Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim’s browser and potentially run arbitrary code on their computer.

MFSA 2010-64 Miscellaneous memory safety hazards

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

The update is being shipped via the browser’s auto-update mechanism.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback (most recent of 46 Talkbacks)

Loverock Davidson, 20th Oct 2010

Love's Office moves away from IE to Open Source
by daikon, 20th Oct 2010
@Loverock Davidson
Next they will be moving to OpenOffice from Oracle. Then it will be Linux.

Riding with Penguins in a World of Glass and Fruit.
Hooay!

Except that Firefox is a great browser and gets work done
by Michael Alan Goff, 20th Oct 2010
- OpenOffice is not a good product when compared to Microsoft Office. One is just more refined than the other one. OpenOffice might be a great product for the small-time user, but not for a larger company.

- A lot of companies need programs only Windows provides.

Um, goff, Firefox works just fine with Windows
by richard233, 20th Oct 2010
@Linux Rocks OpenOffice is a good product. I would venture that most businesses would be able to do 99% of what they do now. The main differences come from the abnormal file structures that Microsoft employs to lock in the companies. Hell, most companies could likely do what they need with the office suite that existed back in 97, plus it would likely run a heck of a lot faster since it does not have the bloat factor.

I know Firefox works with Windows
by Michael Alan Goff, 20th Oct 2010
I was more commenting on the comment that they should move to Linux. It might not be possible for them to, if they use programs that are Windows only.

I was actually saying that Firefox was a great browser.

RE: Firefox dirty dozen: Mozilla patches 'critical' browser flaws
by dvm, 20th Oct 2010
@richard233,

"The main differences comes from the abnormal file structures that microsoft employs to lock in the companies. Hell, most companies could likely do what they need with the office suite that existed back in 97, plus it would likely run a heck of a lot faster since it does not have the bloat factor."

Or maybe Office is far superior when connecting to ERPs like SAP. Or including basic email/calendar functionality like Office includes with Outlook. Or business intelligence features/ECM when it integrates with SharePoint. So it looks like what you call bloat many businesses and enterprises name functionality...

"abnormal file structures"??? WTF?
by Wolfie2K3, 20th Oct 2010
@richard233
Funny thing how most office suite programs, including OpenOffice, can open MS Office files without a whole lot of grief - most of the time. In fact the only time you DO find grief is when there's a feature embedded in the document that the other guys don't support very well. The file structures themselves are actually fairly well documented. DOCX files are nothing more than ZIP files with a specific layout. There are folders for text, graphics, fonts and formatting and XML files that link everything into a coherent document.

Seems to me that if the format is THAT well documented, it's not Microsoft's fault other programs have problems rendering them.

Tom6, 20th Oct 2010

Re: Linux systems
by Rick S._z, 20th Oct 2010
@Tom6
Some of them do. For example, the unwanted expansion of "LD_LIBRARY_PATH" directories is a Linux bug.

Wait........
by todbran@..., 20th Oct 2010
Now you are calling your room in your mom's basement the office? HaHaHa....OK Lovie, if you say so!

LOL... LOL...
by ahh so, 20th Oct 2010
Hilarious. And prolly true.

more LOL... grin

RE: Firefox dirty dozen: Mozilla patches 'critical' browser flaws
by WinTard, 20th Oct 2010
What a load of crap! So I fire up Firefox, and it sits there doing nothing after five minutes. I decide to manually go check for updates, and it says 3.6.11 is available. So I go and update it manually, and the next thing it says is update the Adobe Flash plugin. OK, I do that, it restarts Firefox, then in the background the Adobe Download Manager runs. Slowly at that. OK, after another five minutes (total 12 minutes so far), the new Adobe 10.1 (which was already loaded in my system BTW) loads, but it loaded what I call BLOATWARE, perhaps even MALWARE, by also loading, unrequested, unsolicited, McAfee Security Scan, installed under C:\Program Files (x86). I don't want crap! I choose not to trust McAfee. So now I've got to go uninstall all this unsolicited SPAM crapware, thanks Mozilla Firefox & Adobe...

These constant bi-weekly updates are total nonsense. Get it right. Get it stable. Or don't do it at all.

These are incompetent developers! Nothing to do with quick security fixes, when you are voted (3) years in a row as being the MOST VULNERABLE APPLICATION -- YES Firefox.

~~~~~~~~~~
Do it
Do it right
Do it right now!

They should wait until they have a perfect product
by Michael Alan Goff, 20th Oct 2010
It should be out the day after never.

RE: Firefox dirty dozen: Mozilla patches 'critical' browser flaws
by SpikeyMike, 20th Oct 2010
@WinTard That's what happens when you go clickey-clickey, next, next, finish. Next time, read the prompts and you'll see where you could choose not to install what you're complaining about. You could drop the reference to Windows from your ID and would still get the point across.

RE: Firefox dirty dozen: Mozilla patches 'critical' browser flaws
by WinTard, 20th Oct 2010
@SpikeyMike

Nope, you're wrong, no clickey, click, click...
I simply said yes to the plugin, which subsequently downloaded the full thing from within Firefox, as the Adobe Download Manager (another piece of bloat/fat/crapware). No choice there from within Firefox's context. The Adobe Download Manager ran automatically in the background downloading both Flash and the crapware McAfee.

You assume, whereas I experience. And simply report the facts. Just the facts. Good or bad.

~~~~~~~~~~~
The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is.
~ Winston Churchill
