CVE-2005-1477
CVSS5.1
发布时间 :2005-05-09 00:00:00
修订时间 :2016-10-17 23:19:51
NMCOP    

[原文]The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.


[CNNVD]Mozilla Firefox安装方式远程执行任意代码漏洞(CNNVD-200505-934)

        Mozilla Firefox是一款非常流行的开放源码WEB浏览器。
        Mozilla Firefox在安装方式的实现上存在漏洞,可能导致无需用户交互就可执行任意代码。
        对漏洞的最初分析表明该漏洞可能导致迷惑浏览器状态栏信息,并允许任意脚本获得UniversalXPConnect权限。但据观察这个漏洞还可被远程利用,在有漏洞的计算机上以运行受影响浏览器用户的权限执行特权操作。
        

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9231The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, t...
oval:org.mitre.oval:def:100001Install Function in Firefox and Mozilla Permits Arbitrary Code Execution
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1477
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1477
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-934
(官方数据源) CNNVD

- 其它链接及资源

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
(UNKNOWN)  SCO  SCOSA-2005.49
http://greyhatsecurity.org/firefox.htm
(UNKNOWN)  MISC  http://greyhatsecurity.org/firefox.htm
http://greyhatsecurity.org/vulntests/ffrc.htm
(UNKNOWN)  MISC  http://greyhatsecurity.org/vulntests/ffrc.htm
http://marc.info/?l=full-disclosure&m=111553138007647&w=2
(UNKNOWN)  FULLDISC  20050508 Firefox Remote Compromise Leaked
http://marc.info/?l=full-disclosure&m=111556301530553&w=2
(UNKNOWN)  FULLDISC  20050508 Firefox Remote Compromise Technical Details
http://securitytracker.com/id?1013913
(UNKNOWN)  SECTRACK  1013913
http://www.kb.cert.org/vuls/id/648758
(UNKNOWN)  CERT-VN  VU#648758
http://www.mozilla.org/security/announce/mfsa2005-42.html
(UNKNOWN)  CONFIRM  http://www.mozilla.org/security/announce/mfsa2005-42.html
http://www.redhat.com/support/errata/RHSA-2005-434.html
(UNKNOWN)  REDHAT  RHSA-2005:434
http://www.redhat.com/support/errata/RHSA-2005-435.html
(UNKNOWN)  REDHAT  RHSA-2005:435
http://www.securityfocus.com/bid/13544
(UNKNOWN)  BID  13544
http://www.securityfocus.com/bid/15495
(UNKNOWN)  BID  15495
http://www.vupen.com/english/advisories/2005/0493
(UNKNOWN)  VUPEN  ADV-2005-0493
http://xforce.iss.net/xforce/xfdb/20443
(UNKNOWN)  XF  mozilla-javascript-code-execution(20443)
https://bugzilla.mozilla.org/show_bug.cgi?id=292691
(UNKNOWN)  MISC  https://bugzilla.mozilla.org/show_bug.cgi?id=292691
https://bugzilla.mozilla.org/show_bug.cgi?id=293302
(UNKNOWN)  MISC  https://bugzilla.mozilla.org/show_bug.cgi?id=293302

- 漏洞信息

Mozilla Firefox安装方式远程执行任意代码漏洞
中危 跨站脚本
2005-05-09 00:00:00 2005-10-25 00:00:00
远程  
        Mozilla Firefox是一款非常流行的开放源码WEB浏览器。
        Mozilla Firefox在安装方式的实现上存在漏洞,可能导致无需用户交互就可执行任意代码。
        对漏洞的最初分析表明该漏洞可能导致迷惑浏览器状态栏信息,并允许任意脚本获得UniversalXPConnect权限。但据观察这个漏洞还可被远程利用,在有漏洞的计算机上以运行受影响浏览器用户的权限执行特权操作。
        

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载Firefox 1.0.4:
        http://www.mozilla.org/products/firefox/

- 漏洞信息 (F38418)

Gentoo Linux Security Advisory 200505-11 (PacketStormID:F38418)
2005-07-02 00:00:00
Gentoo  security.gentoo.org
advisory,javascript,protocol
linux,gentoo
CVE-2005-1476,CVE-2005-1477
[点击下载]

Gentoo Linux Security Advisory GLSA 200505-11 - The Mozilla Suite and Firefox do not properly protect IFRAME JavaScript URLs from being executed in context of another URL in the history list (CVE-2005-1476). The Mozilla Suite and Firefox also fail to verify the IconURL parameter of the InstallTrigger.install() function (CVE-2005-1477). Michael Krax and Georgi Guninski discovered that it is possible to bypass JavaScript-injection security checks by wrapping the javascript: URL within the view-source: or jar: pseudo-protocols (MFSA2005-43). Versions less than 1.0.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200505-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Mozilla Suite, Mozilla Firefox: Remote compromise
      Date: May 15, 2005
      Bugs: #91859, #92393, #92394
        ID: 200505-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Several vulnerabilities in the Mozilla Suite and Firefox allow an
attacker to conduct cross-site scripting attacks or to execute
arbitrary code.

Background
==========

The Mozilla Suite is a popular all-in-one web browser that includes a
mail and news reader. Mozilla Firefox is the next-generation browser
from the Mozilla project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                         /  Vulnerable  /       Unaffected
    -------------------------------------------------------------------
  1  www-client/mozilla-firefox           < 1.0.4             >= 1.0.4
  2  www-client/mozilla-firefox-bin       < 1.0.4             >= 1.0.4
  3  www-client/mozilla                   < 1.7.8             >= 1.7.8
  4  www-client/mozilla-bin               < 1.7.8             >= 1.7.8
    -------------------------------------------------------------------
     4 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

The Mozilla Suite and Firefox do not properly protect "IFRAME"
JavaScript URLs from being executed in context of another URL in the
history list (CAN-2005-1476). The Mozilla Suite and Firefox also fail
to verify the "IconURL" parameter of the "InstallTrigger.install()"
function (CAN-2005-1477). Michael Krax and Georgi Guninski discovered
that it is possible to bypass JavaScript-injection security checks by
wrapping the javascript: URL within the view-source: or jar:
pseudo-protocols (MFSA2005-43).

Impact
======

A malicious remote attacker could use the "IFRAME" issue to execute
arbitrary JavaScript code within the context of another website,
allowing to steal cookies or other sensitive data. By supplying a
javascript: URL as the "IconURL" parameter of the
"InstallTrigger.Install()" function, a remote attacker could also
execute arbitrary JavaScript code. Combining both vulnerabilities with
a website which is allowed to install software or wrapping javascript:
URLs within the view-source: or jar: pseudo-protocols could possibly
lead to the execution of arbitrary code with user privileges.

Workaround
==========

Affected systems can be protected by disabling JavaScript. However, we
encourage Mozilla Suite or Mozilla Firefox users to upgrade to the
latest available version.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.4"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose 
">=www-client/mozilla-firefox-bin-1.0.4"

All Mozilla Suite users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.8"

All Mozilla Suite binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.8"

References
==========

  [ 1 ] CAN-2005-1476
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1476
  [ 2 ] CAN-2005-1477
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1477
  [ 3 ] Mozilla Foundation Security Advisory 2005-43
        http://www.mozilla.org/security/announce/mfsa2005-43.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- 漏洞信息

16186
Mozilla Firefox IFRAME JavaScript URL XSS
Remote / Network Access Input Manipulation
Loss of Integrity Upgrade
Exploit Public Vendor Verified

- 漏洞描述

- 时间线

2005-05-07 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 1.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站