Security holes in Firefox 1.0.3

Paul and Michael Krax found a few security holes in Firefox and put them together to form an arbitrary-code-execution exploit. Links: Paul's notes, private bug, public bug, Secunia advisory, MozillaZine article.

To protect yourself against all of these holes, disable JavaScript. (Some people have suggested only disabling software installation. If you only disable software installation, you will still be vulnerable to the XSS hole used in the exploit. XSS is sufficient for stealing cookies, saved passwords, intranet web pages, etc.)

Two of the security holes involve javascript: URLs, which have been the source of many security holes in Firefox and other web browsers. Brendan suggested tracking where javascript: URLs came from so they run with the correct privileges as a way of reducing the number of these holes in the future. Meanwhile, Hixie suggested disallowing chrome: code from using javascript: URLs.

Paul's exploit was leaked on Saturday. After the leak, I noticed that http://greyhatsecurity.org/vulntests/ was publicly listable (fixed as of Sunday). My guess as to how it was leaked is that someone else had noticed that the directory was listable and checked the directory every few days for new exploits. It is ironic that a security researcher's site had this kind of hole, but then again I have horrible habits with passwords and use Windows.

One Response to “Security holes in Firefox 1.0.3”

  1. Windows-Security Says:

    There is a new Version of FireFox released. In Version 1.04 the problems are fixed.

    Long Live FireFox