Firefox version 18.104.22.168 fixes three “high impact” flaws, including a URI (uniform resource identifier) scheme bug in the browser that can be exploited to perform cross-site scripting (XSS) attacks, Mozilla disclosed Tuesday in an advisory.
The flaw, disclosed by researchers Jesse Ruderman and Petko Petkov, occurs when a URI scheme is “introduced as a mechanism to support digitally signed webpages,” which enables users to install pages on other websites, and could lead to XSS attacks.
A published proof-of-concept attack demonstrated how a cyberattacker could steal a user's Gmail contact list by exploiting the flaw.
Mozilla also patched a referrer-spoofing bug in the window.location race condition.
The timing condition vulnerability, disclosed by researcher Gregory Fleischer, can be exploited to conduct a cross-site request forgery attack against websites that sign users off after an elapsed period of time.
Amol Sarwate, director of the vulnerability research lab at Qualys, told SCMagazineUS.com today that the referrer-spoofing flaw can be exploited to hijack a user's online banking session.
“The session, as well as the cookies, can be used by the attacker to, for example, transfer money out of his account because the session, as well as the cookies, are correct while the user is timed in,” he said.
The Mountain View, Calif.-based organization also released a cumulative fix for three bugs that “showed some evidence of memory corruption under certain circumstances” and that could be exploited to run arbitrary code.
Mozilla last month patched eight flaws in Firefox and SeaMonkey, including two “critical” flaws. Last week, Mozilla released Firefox 3 Beta 1, which the organisation said will have improved website-identification and anti-virus integration features.
A Mozilla representative could not be immediately reached for comment.
See original article on SC Magazine US
Mozilla fixes three Firefox bugs
By Staff Writers on Nov 28, 2007 11:33AM