Donna's SecurityFlash : Web Browser Issues

Fake IRS page and email, See which browser will protect user from phished site

donna — Fri, 26 Oct 2007 14:18:18 GMT

See http://www.dozleng.com/updates/index.php?showtopic=16115 for screenshots. Result: Opera: 2 Firefox: 1 and 1 Internet Explorer: 2...(read more)

Opera JPEG Processing Heap Corruption Vulnerabilities

donna — Tue, 09 Jan 2007 08:44:00 GMT

Opera is vulnerable in parsing the JPEG file format. Discovered were four vulnerabilities, each in different segments of the file format. posidron will describe in this advisory the two important ones. 1 - ntdll.RtlAllocateHeap() DHT vulnerability 2 ...(read more)

Opera Browser patched in secret

donna — Sat, 06 Jan 2007 23:13:00 GMT

Opera patched two remote code execution holes secretly as per Heise Security. Changelog for v9.10 did not mention the said security patch. Details at http://www.heise-security.co.uk/news/83279...(read more)

Internet Explorer MSXML3 Race Condition Memory Corruption Vulnerability

donna — Sat, 06 Jan 2007 00:37:00 GMT

Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability because of a race condition that may cause a NULL-pointer dereference, read or write operations to invalid addresses, or other memory-corruption issues. Attackers may likely...(read more)

Mozilla Foundation Security Advisories (Dec. 19, 2006)

donna — Wed, 20 Dec 2006 03:40:00 GMT

MFSA 2006-76 XSS using outer window's Function object MFSA 2006-75 RSS Feed-preview referrer leak MFSA 2006-74 Mail header processing heap overflows MFSA 2006-73 Mozilla SVG Processing Remote Code Execution MFSA 2006-72 XSS by setting img.src to BLOCKED...(read more)

Opera released v9.10 of Opera Browser by adding Phishing filter (fraud protection) and other fixes/improvements

donna — Mon, 18 Dec 2006 15:59:00 GMT

If you are using Opera browser, get the latest version 9.10 which is available now. One of the new security enhancement is by adding a Fraud Protection (aka Phishing filter). See Opera's Fraud Protection in action by viewing the demo at http://portal...(read more)

Firefox 2.0 delayed by bug outbreak

donna — Sat, 19 Aug 2006 04:10:00 GMT

The new version of open-source browser Firefox has been delayed for a month. Version 2.0, codenamed Bon Echo, had been due on 26 September but will now make its debut on 24 October. The test schedule has also been adjusted, with the second beta now appearing...(read more)

Mozilla Firefox XML Handler Race Condition Memory Corruption Vulnerability

donna — Sat, 19 Aug 2006 03:31:00 GMT

Mozilla Firefox is prone to a remote memory-corruption vulnerability because of a race condition that may result in double-free or other memory-corruption issues. Attackers may likely exploit this issue to execute arbitrary machine code in the context...(read more)

OneStat.com reported "Most Popular browsers by Country"

donna — Thu, 13 Jul 2006 19:41:00 GMT

Global usage share Mozilla Firefox has increased according to OneStat.com OneStat.com reported that Mozilla Firefox's browsers have a total global usage share of 12.93 percent. The total usage share of Mozilla Firefox increased 1.14 percent since May...(read more)

IE 7 can be reset finally

donna — Tue, 13 Jun 2006 05:12:00 GMT

The IE team blogged today that Internet Explorer 7 in Windows XP and Vista can be reset if the browser become unstable due to badly written add-ons or side-effect of malware infection. They wrote... " We have heard from users on their need to recover...(read more)

Internet Explorer "mhtml:" Redirection Disclosure of Sensitive Information

donna — Thu, 27 Apr 2006 15:36:00 GMT

Internet Explorer "mhtml:" Redirection Disclosure of Sensitive Information

Affected Software: Microsoft Internet Explorer 6.x

codedreamer has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site.

Secunia has constructed a test, which is available at their website

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.

Solution: Disable active scripting support.

http://secunia.com/advisories/19738/

IE7 For XP Beta 2: Has Firefox Met Its Match?

donna — Thu, 27 Apr 2006 00:45:00 GMT

The new public release of Internet Explorer Beta 2 is, according to Microsoft, more stable and ready to be used. But is it ready to go up against Firefox?

Find out at http://www.informationweek.com/showArticle.jhtml?articleID=186700892

Below is part of what Ed Bott blogged today:

"If you're too busy, here’s the conclusion:

On a straight, feature-for-feature comparison, IE7 stacks up well against Firefox. If its improved security model lives up to its design specs, malware distributors will find it much more difficult to make a dishonest living, and the tabbed browsing features in the new release should make it much easier to deal with multiple pages.

The biggest hurdle that Internet Explorer has to overcome, however, is one that doesn’t fit on any features chart. Its tattered reputation - especially when it comes to security - has created an indelible negative impression among the technically savvy users who’ve enthusiastically adopted Firefox so far. Even if the final release of IE7 improves mightily over the current beta, building that new and improved reputation will be an uphill climb.

The security features in IE7 look good on paper, but this week's release marks the first time IE7 has been thrown into the crucible that is the Internet. The criminal gangs that control the malware racket are going to be gunning for IE7 and mercilessly probing for weaknesses. I'll need to see a year's worth of security bulletins before I’m ready to accept the idea that this time it really is different and IE7 is genuinely safe enough to recommend without reservation to friends and family members.

"Good enough" isn’t good enough for Microsoft in the case of IE7. On issues of security in particular, they're going to have to earn back trust from a generation that's been burned pretty badly by security flaws in Windows and IE. That will take time, and there's no guarantee of success.

Meanwhile, Firefox has one pretty huge ally. Visit Google's home page using Internet Explorer today and you'll see the first ad to ever appear on that page - urging you to switch to Firefox."

http://www.edbott.com/weblog/?p=1313

Mozilla Foundation Security Advisory 2006-27

donna — Thu, 27 Apr 2006 00:35:00 GMT

Title: Table Rebuilding Code Execution Vulnerability
Impact: Critical
Announced: April 21, 2006
Reporter: TippingPoint and the Zero Day Initiative
Products: Firefox, Thunderbird, Mozilla Suite
Fixed in:
Firefox 1.5.0.2
Firefox 1.0.8
Thunderbird 1.5.0.2
Thunderbird 1.0.8
SeaMonkey 1.0.1
Mozilla Suite 1.7.13

Description
An anonymous researcher for TippingPoint and the Zero Day Initiative reports that an invalid and nonsensical ordering of table-related tags causes Mozilla to use a negative array index. This invalid memory use can be exploited to run code of the attacker's choice.

Workaround: Upgrade to fixed version.

Although JavaScript is not involved in the vulnerability itself, disabling JavaScript may prevent an attacker from effectively preparing memory in order to carry out the exploit.

http://www.mozilla.org/security/announce/2006/mfsa2006-27.html

Also in http://www.zone-h.org/advisories/read/id=8931

Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla/Firefox web browser and Thunderbird e-mail client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious e-mail.

The specific flaw exists within the routine RebuildConsideringRows() during the rebuilding of nonsensical table tags. When the Mozilla engine attempts to fix the malformed table, an attacker is capable of triggering a memory corruption that can lead to code execution from user-supplied data.

Vendor Response:
Mozilla has issued an update to correct this vulnerability. Further details are available at:

Disclosure Timeline:
2006.02.28 – Vulnerability reported to vendor
2006.04.25 – Public release of advisory

Safari "rowspan" Attribute Denial of Service Vulnerability

donna — Tue, 25 Apr 2006 18:51:00 GMT

Affected Software:
Safari 1.x
Safari 2.x

Yannick von Arx has discovered a vulnerability in Safari, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the processing of "td" HTML tags with overly large values for the "rowspan" attribute. This can be exploited to consume a large amount of CPU and memory resources on a vulnerable system by tricking a user into visiting a malicious web site.

Successful exploitation causes a vulnerable system to become unresponsive.

The vulnerability has been confirmed in version 2.0.3 (417.9.2) and has also been reported in version 1.3.1 (312.3.1). Other versions may also be affected.

Solution: Do not visit untrusted web sites while working with unsaved sensitive information.

http://secunia.com/advisories/19763/

Internet Explorer "object" Tag Memory Corruption Code Execution

donna — Tue, 25 Apr 2006 18:49:00 GMT

Affected Software: Microsoft Internet Explorer 6.x

Michal Zalewski has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the processing of certain sequences of nested "object" HTML tags. This can be exploited to corrupt memory by tricking a user into visiting a malicious web site.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.

Solution: Do not visit untrusted web sites.

http://secunia.com/advisories/19762/

Firefox "focus()" Memory Corruption Weakness

donna — Tue, 25 Apr 2006 18:47:00 GMT

Affected Software: Mozilla Firefox 1.x

A weakness has been discovered in Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service).

The weakness is caused due to an error in the handling of unexpected "focus()" JavaScript calls. This can be exploited to corrupt the memory and cause a crash by calling the "focus()" method on a container with specially crafted content.

The weakness has been confirmed in version 1.5.0.2. Other versions may also be affected.

Solution: Disable JavaScript when visiting untrusted web sites.

http://secunia.com/advisories/19802/

Netscape Memory Corruption Vulnerability

donna — Sat, 15 Apr 2006 04:09:00 GMT

Netscape Browser version 8.1 (User-agent: Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20060111 Netscape/8.1) is confirmed as affected to recently published memory corruption vulnerability described at http://www.mozilla.org/security/announce/2006/mfsa2006-11.html .

This could be exploited to run arbitrary code in the affected system.

Solution status:
No updated version available from the vendor at the time of reporting.

Affected versions:
Vulnerability has been confirmed in version 8.1 using Windows 2000 Professional SP4 fully patched. Other versions may also be affected.

Workarounds:
None working workarounds available.

http://www.zone-h.org/advisories/read/id=8916

Firefox Browser: Security and Stability Update available

donna — Thu, 13 Apr 2006 23:08:00 GMT

Time to update your Firefox browser to v1.5.0.2. It has security and stability fixes as per Mozilla.

Via Calendar of Updates

Internet Explorer Window Loading Race Condition Address Bar Spoofing

donna — Tue, 04 Apr 2006 12:43:00 GMT

Hai Nam Luke has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.

The vulnerability is caused due to a race condition in the loading of web content and Macromedia Flash Format files (".swf") in browser windows. This can be exploited to spoof the address bar in a browser window showing a Flash file from a malicious web site.

NOTE: The impact of exploitation is reduced because the URL of the malicious Flash file is visible in the title of the browser window.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. Other versions may also be affected.

Solution: Disable Active Scripting support.

http://secunia.com/advisories/19521/

Internet Explorer Unspecified Automatic .HTA Application Execution

donna — Mon, 27 Mar 2006 05:52:00 GMT

Affected Software: Microsoft Internet Explorer 6.x

Jeffrey van der Stad has reported a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error when handling .HTA applications and allows execution of the .HTA application on the user's system without any user interaction when e.g. visiting a malicious web site.

The vulnerability has been reported in Internet Explorer 6.0. Other versions may also be affected.

Solution: Do not visit untrusted web sites.
Disabling Active Scripting support may prevent exploitation, but has not been proven.

http://secunia.com/advisories/19378/