malformed
February 24th, 2007, 09:53 AM
{QUOTE-> Mozilla Firefox fails to properly handle JavaScript onUnload events
Overview
Mozilla Firefox does not properly handle JavaScript onUnload events. This vulnerability may lead to memory corruption that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
I. Description
The JavaScript onUnload event is executed when the browser exits a web page. An event handler can be installed via JavaScript to trap and process this event.
Mozilla Firefox fails to properly handle JavaScript onUnload events. Specifically, Firefox may not correctly handle freed data structures modified in the onUnload event handler possibly leading to memory corruption.
II. Impact
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.
III. Solution
We are currently unaware of a practical solution to this problem. Until Mozilla releases a fix for this issue, the following workaround will reduce the chances of exploitation:
Disable JavaScript
Disabling JavaScript will prevent exploitation of this vulnerability. For instructions on disabling JavaScript in Mozilla Firefox, refer to the Mozilla Firefox section the Securing Your Web Browser document. <-QUOTE}
http://www.kb.cert.org/vuls/id/393921
{QUOTE-> Status: NEW
Severity: critical
Keywords: crash, testcase
Whiteboard: [sg:critical]
URL: http://lcamtuf.coredump.cx/ietrap/testme.html [1] **** Sample Test ****
Product: Core
Component: Security
Version: Trunk
Hardware: PC
OS: All <-QUOTE}
https://bugzilla.mozilla.org/show_bug.cgi?id=371321
[1] Text added in quote by me
Overview
Mozilla Firefox does not properly handle JavaScript onUnload events. This vulnerability may lead to memory corruption that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
I. Description
The JavaScript onUnload event is executed when the browser exits a web page. An event handler can be installed via JavaScript to trap and process this event.
Mozilla Firefox fails to properly handle JavaScript onUnload events. Specifically, Firefox may not correctly handle freed data structures modified in the onUnload event handler possibly leading to memory corruption.
II. Impact
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.
III. Solution
We are currently unaware of a practical solution to this problem. Until Mozilla releases a fix for this issue, the following workaround will reduce the chances of exploitation:
Disable JavaScript
Disabling JavaScript will prevent exploitation of this vulnerability. For instructions on disabling JavaScript in Mozilla Firefox, refer to the Mozilla Firefox section the Securing Your Web Browser document. <-QUOTE}
http://www.kb.cert.org/vuls/id/393921
{QUOTE-> Status: NEW
Severity: critical
Keywords: crash, testcase
Whiteboard: [sg:critical]
URL: http://lcamtuf.coredump.cx/ietrap/testme.html [1] **** Sample Test ****
Product: Core
Component: Security
Version: Trunk
Hardware: PC
OS: All <-QUOTE}
https://bugzilla.mozilla.org/show_bug.cgi?id=371321
[1] Text added in quote by me