Netstat -vat by Sean Michael Kerner

A command line view of IT



Mozilla Firefox 3.0.9 fixes XSS flaws

From the 'don't refresh until you update' files:

Mozilla is out with Firefox 3.0.9 today, fixing at least one critical set of vulnerabilities and issuing nine security advisories in total.

The one critical security issue is another 'Crashes with evidence of memory corruption' advisory, which nearly every Firefox update of the past three years has included. More interestingly, Firefox 3.0.9 includes several fixes for XSS (cross-site scripting) flaws.

One of the XSS risks patched in the update deals with same-origin violations in XMLHttpRequest (XHR). XHR requests are the lifeblood of AJAX communications, and the same-origin policy is what stops script on one site from reading XHR responses from another; a bypass there lets an attacker's page act as the victim site's own script. Though Mozilla has only labelled this issue as 'High', in my view it's the most serious issue fixed in 3.0.9. Mozilla's advisory on the issue notes that "An attacker could use this vulnerability to execute arbitrary JavaScript within the context of another site."

There is also a same-origin violation (in my view this is still XSS) in how Mozilla handles Adobe Flash. According to Mozilla's advisory on the Flash handling flaw, "The Flash file can bypass restrictions imposed by the crossdomain.xml mechanism and initiate HTTP requests to arbitrary third-party sites. This vulnerability could be used by an attacker to perform CSRF attacks against these sites."
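To make concrete what the XHR and Flash fixes restore, here is an added example (not code from this post, from Mozilla or from Adobe) that writes out both policies in simplified form: the same-origin comparison a browser applies to XHR, and the crossdomain.xml check Flash is supposed to apply before a SWF talks to another site. The policy document and URLs are constructed for the example; the wildcard and secure-attribute semantics are my reading of Adobe's policy-file format and are an assumption, not a quotation of it.

```javascript
// Added example: simplified same-origin and crossdomain.xml checks.
// Not Mozilla's or Adobe's code; the wildcard/secure rules below are assumptions.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to its origin tuple (scheme, host, port), filling in the default
// port so "https://a.example" and "https://a.example:443" compare equal.
function originOf(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// The same-origin policy: an XHR response may be read only if all three parts match.
function sameOrigin(pageUrl, targetUrl) {
  const a = originOf(pageUrl), b = originOf(targetUrl);
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Pull the <allow-access-from> rules out of a crossdomain.xml document.
// Regex extraction stands in for an XML parser; enough for the sample below.
// secure defaults to true here (assumption: the policy is served over https).
function parseCrossdomainPolicy(xml) {
  const rules = [];
  const re = /<allow-access-from\b([^>]*)\/?>/gi;
  let m;
  while ((m = re.exec(xml)) !== null) {
    const domain = /domain\s*=\s*"([^"]*)"/i.exec(m[1]);
    const secure = /secure\s*=\s*"(true|false)"/i.exec(m[1]);
    if (domain) {
      rules.push({ domain: domain[1].toLowerCase(), secure: secure ? secure[1] === "true" : true });
    }
  }
  return rules;
}

// "*" matches any host; "*.example.com" matches example.com and its subdomains
// (assumed wildcard semantics); anything else must match the host exactly.
function domainMatches(pattern, host) {
  if (pattern === "*") return true;
  if (pattern.startsWith("*.")) {
    const suffix = pattern.slice(2);
    return host === suffix || host.endsWith("." + suffix);
  }
  return pattern === host;
}

// May a SWF loaded from swfUrl read from the site that published policyXml?
// Same-origin needs no policy; otherwise some rule must match the SWF's host,
// and a secure="true" rule refuses a non-https SWF talking to an https site.
function crossdomainAllows(policyXml, swfUrl, targetUrl) {
  if (sameOrigin(swfUrl, targetUrl)) return true;
  const swf = originOf(swfUrl), target = originOf(targetUrl);
  return parseCrossdomainPolicy(policyXml).some(rule =>
    domainMatches(rule.domain, swf.host) &&
    !(rule.secure && target.scheme === "https:" && swf.scheme !== "https:"));
}

// Constructed sample policy for a fictional bank site that trusts one partner.
const BANK_POLICY = `<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*.partner.example" secure="true"/>
</cross-domain-policy>`;
```

The Flash flaw described above is a case where the plug-in reached a third-party site even though a check like `crossdomainAllows` would have returned false; the XHR flaw is the browser-side equivalent for `sameOrigin`.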

Again Mozilla has only labelled the Flash issue as 'High', but I see it as critical. Perhaps even more serious, in my layperson's view, is that this flaw stems from a third-party plug-in (Flash) but affects Mozilla. It underscores the importance of proper boundary checking for plug-ins (think QuickTime too), which really could represent the greatest threat to browsers in general.
In fact there is another plug-in related flaw patched in Firefox 3.0.9, whereby Firefox users could also be at risk from a malicious search plug-in.

Security researcher Prateek Saxena reported that a malicious MozSearch plugin could be created using a javascript: URI in the SearchForm value. This URI is used as the default landing page when an empty search is performed. If an attacker could get a user to install the malicious plugin and perform an empty search, the SearchForm javascript: URI would be executed within the context of the currently open page.

Another really interesting XSS-related flaw fixed in Firefox 3.0.9 is one where a page's Refresh header could put the user at risk of attack. Though the attack scenario seems a little strange to me, the way Mozilla explains the flaw, "If an attacker could inject a Refresh header into a server response, or could control the value that a site places in the Refresh header, they could use this vulnerability to perform an XSS attack and execute arbitrary JavaScript within the context of that site." In other words, the Refresh header tells the browser where to navigate next, and Firefox would follow it to a javascript: URI, running that script in the origin of the site that sent the header.
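The search-plugin and Refresh-header flaws above share one root cause: a string the attacker influences is used as a navigation target without checking its scheme, and a javascript: target "navigated to" from the current page runs in that page's origin. The following added example (not code from this post or from Mozilla) shows the scheme allow-list check that closes both holes, applied to a Refresh header value and to a MozSearch/OpenSearch description. It uses the WHATWG URL parser (the global `URL` in Node.js and browsers); the sample plugin document and header values are constructed for the example, and the Refresh grammar accepted by `parseRefresh` is my simplification.

```javascript
// Added example: refuse javascript: (and any non-http(s)) navigation targets
// taken from a Refresh header or a search plugin's SearchForm.
// Not Mozilla's code; sample inputs are constructed.

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Parse "<seconds>[;,] [url=]<target>" as used by the Refresh header and by
// <meta http-equiv="refresh">. Returns { delay, url } (url null when absent)
// or null when the value is malformed. Simplified grammar (assumption).
function parseRefresh(value) {
  let s = value.trim();
  const m = /^(\d+)/.exec(s);
  if (!m) return null;
  const delay = Number(m[1]);
  s = s.slice(m[0].length).trim();
  if (s === "") return { delay, url: null };
  if (s[0] !== ";" && s[0] !== ",") return null;
  s = s.slice(1).trim().replace(/^url\s*=\s*/i, "");
  // Strip one matching pair of surrounding quotes.
  if (s.length >= 2 && (s[0] === '"' || s[0] === "'") && s[s.length - 1] === s[0]) {
    s = s.slice(1, -1);
  }
  return { delay, url: s.trim() };
}

// Resolve target against the page's URL and allow only http(s). The URL parser
// does the normalisation a naive startsWith("javascript:") check would miss:
// it strips leading whitespace and embedded tab/newline and lower-cases the
// scheme, so " JaVa\tScRiPt:alert(1)" is still recognised as javascript:.
function isSafeNavigationTarget(target, base) {
  if (typeof target !== "string") return false;
  let parsed;
  try {
    parsed = new URL(target, base);
  } catch (e) {
    return false; // unparseable: refuse rather than guess
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// Decide whether a Refresh header received for the page at pageUrl may be
// followed. Returns the absolute URL to load, or null to ignore the header.
function refreshTargetOrNull(headerValue, pageUrl) {
  const r = parseRefresh(headerValue);
  if (!r) return null;
  if (r.url === null) return pageUrl; // a bare "Refresh: 5" reloads the same page
  return isSafeNavigationTarget(r.url, pageUrl) ? new URL(r.url, pageUrl).href : null;
}

// Extract <SearchForm> from an OpenSearch/MozSearch description. The regex is
// a stand-in for a real XML parser, enough for the constructed document below.
function searchFormTarget(pluginXml) {
  const m = /<SearchForm>\s*([^<]*?)\s*<\/SearchForm>/i.exec(pluginXml);
  return m ? m[1] : null;
}

// A plugin is acceptable only if its SearchForm (the "empty search" landing
// page) is an absolute http(s) URL.
function isAcceptableSearchPlugin(pluginXml) {
  const form = searchFormTarget(pluginXml);
  return form !== null && isSafeNavigationTarget(form, undefined);
}

// Constructed sample plugin carrying the attack shape described above.
const MALICIOUS_PLUGIN = `<?xml version="1.0"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
  <ShortName>Helpful Search</ShortName>
  <Url type="text/html" template="https://search.example/?q={searchTerms}"/>
  <SearchForm>javascript:alert(document.cookie)</SearchForm>
</OpenSearchDescription>`;

const BENIGN_PLUGIN = MALICIOUS_PLUGIN.replace(
  "javascript:alert(document.cookie)", "https://search.example/");
```

Note that the scheme check only prevents script execution in the current origin; a Refresh to an http(s) URL on another site is still followed, since an ordinary redirect is not an XSS.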

Wow. A single Refresh header is a security risk! That's unbelievable (almost).
