Mozilla Firefox and Google Chrome Updated for Security Flaws
It's a big week for browser updates, as both Mozilla and Google are updating their respective Web browsers for multiple security flaws.
The Mozilla Firefox 3.6.11 update addresses at least nine security flaws, five of which are rated as being critical by Mozilla. Among the critical flaws are memory safety hazard issues, as well as a memory corruption issue that could potentially enable an attacker to run arbitrary code.
Additionally there is a critical fix for a use-after-free memory error, in which memory freed by the browser could be reused by the system and then read back as if it were still valid, potentially leading to execution of attacker-controlled memory.
"Security researcher Sergey Glazunov reported that it was possible to access the 'locationbar' property of a window object after it had been closed," Mozilla's security advisory states. "Since the closed window's memory could have been subsequently reused by the system, it was possible that an attempt to access the 'locationbar' property could result in the execution of attacker-controlled memory."
Mozilla also credits HP TippingPoint's Zero Day Initiative with the discovery of a JavaScript dangling pointer vulnerability, which could likewise lead to execution of attacker-controlled memory.
"When 'window.__lookupGetter__' is called with no arguments, the code assumes the top JavaScript stack value is a property name," Mozilla's advisory states. "Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine, which calls through the dangling pointer, potentially executing attacker-controlled memory."
Firefox 3.6.11 also fixes several less common vulnerabilities, including one in how Firefox handles the nearly extinct Gopher protocol. The Gopher vulnerability could have led to a Cross Site Scripting (XSS) attack.
There is also a fix for an SSL wildcard certificate flaw that Mozilla notes is unlikely to be exploited in practice, since a certificate authority is unlikely to issue the kind of wildcard certificate the flaw requires.
"Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard, followed by a partial IP address, a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address," Mozilla stated in its advisory.
The issue of SSL wildcards was first raised at the Black Hat 2009 security conference, where security researcher Dan Kaminsky reported that the major browser vendors all had SSL wildcard flaws that could potentially be exploited. Mozilla patched the specific flaws highlighted by Kaminsky in August of 2009 with the Firefox 3.5.2 release.
Chrome 7
Google is also joining the Web browser update parade this week with the release of Chrome 7.0.517.41 for its stable channel. The release marks the first stable Chrome 7.x release for Google, after having been in its development channel for the last three months.
With Chrome 7.0.517.41, Google is providing at least 11 security fixes, five of which are labeled as having high impact and one listed as critical. The critical flaw is a browser crash issue related to the form autofill capability.
As was the case with Firefox, memory corruption issues are part of the Chrome fix list. Google has credited researcher Simon Schaak with reporting memory corruption issues with animated GIF images in Chrome.
Chrome 7.0.517.41 also provides a high impact fix for a possible URL spoofing issue that could have occurred when the page is unloaded.