var-200606-0464
Vulnerability from variot
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. Mozilla Firefox allows cross-domain access to an iframe. This vulnerability could allow an attacker to interact with a web site in a different domain. The attacker could read content and cookies, capture keystrokes, and modify content. Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system.
Want to join the Secunia Security Team?
Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports.
SOLUTION: Disable Active Scripting support.
Do not enter suspicious text when visiting untrusted web sites.
Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.
TITLE: Mozilla Firefox Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA26095
VERIFY ADVISORY: http://secunia.com/advisories/26095/
CRITICAL: Highly critical
IMPACT: Cross Site Scripting, Spoofing, DoS, System access
WHERE:
From remote
SOFTWARE: Mozilla Firefox 2.0.x http://secunia.com/product/12434/
DESCRIPTION: Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks and potentially to compromise a user's system.
1) Various errors in the browser engine can be exploited to cause memory corruption and potentially to execute arbitrary code.
2) Various errors in the Javascript engine can be exploited to cause memory corruption and potentially to execute arbitrary code.
3) An error in the "addEventListener" and "setTimeout" methods can be exploited to inject script into another site's context, circumventing the browser's same-origin policy.
4) An error in the cross-domain handling can be exploited to inject arbitrary HTML and script code in a sub-frame of another web site.
This is related to vulnerability #5 in: SA21906
5) An unspecified error in the handling of elements outside of documents allows an attacker to call an event handler and execute arbitrary code with chrome privileges.
6) An unspecified error in the handling of "XPCNativeWrapper" can lead to execution of user-supplied code.
SOLUTION: Update to version 2.0.0.5.
PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson, and Vladimir Sukhoy. 2) The vendor credits Asaf Romano, Jesse Ruderman, and Igor Bukanov. 3, 5) The vendor credits moz_bug_r_a4 4) Ronen Zilberman and Michal Zalewski 6) The vendor credits shutdown and moz_bug_r_a4.
ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2007/mfsa2007-18.html http://www.mozilla.org/security/announce/2007/mfsa2007-19.html http://www.mozilla.org/security/announce/2007/mfsa2007-20.html http://www.mozilla.org/security/announce/2007/mfsa2007-21.html http://www.mozilla.org/security/announce/2007/mfsa2007-25.html
OTHER REFERENCES: SA21906: http://secunia.com/advisories/21906/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.
The vulnerability is caused due to an error within the handling of "about:blank" pages loaded by chrome in an addon. This can be exploited to execute script code under chrome privileges by e.g. clicking on a link opened in an "about:blank" window created and populated in a certain ways by an addon.
Successful exploitation requires that certain addons are installed. http://www.mozilla.com/en-US/firefox/
Thunderbird: Fixed in the upcoming version 2.0.0.6. http://www.mozilla.com/en-US/thunderbird/
SeaMonkey: Fixed in the upcoming version 1.1.4.
For more information: SA26201
PROVIDED AND/OR DISCOVERED BY: moz_bug_r_a4
CHANGELOG: 2007-07-31: Updated "Description". Added link to vendor advisory. "mailto", "news", "nntp", "snews", "telnet"). using Firefox visits a malicious website with a specially crafted "mailto" URI containing a "%" character and ends in a certain extension (e.g.
The vulnerability is confirmed on a fully patched Windows XP SP2 and Windows Server 2003 SP2 system using Firefox version 2.0.0.5 and Netscape Navigator version 9.0b2. Other versions and browsers may also be affected.
SOLUTION: Do not browse untrusted websites or follow untrusted links.
PROVIDED AND/OR DISCOVERED BY: Vulnerability discovered by: * Billy (BK) Rios
Firefox not escaping quotes originally discussed by: * Jesper Johansson
Additional research by Secunia Research. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-297B
Adobe Updates for Microsoft Windows URI Vulnerability
Original release date: October 24, 2007 Last revised: -- Source: US-CERT
Systems Affected
Microsoft Windows XP and Windows Server 2003 systems with Internet Explorer 7 and any of the following Adobe products: * Adobe Reader 8.1 and earlier * Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier * Adobe Reader 7.0.9 and earlier * Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and earlier
Overview
Adobe has released updates for the Adobe Reader and Adobe Acrobat product families. The update addresses a URI handling vulnerability in Microsoft Windows XP and Server 2003 systems with Internet Explorer 7.
I. Description
Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server 2003 changes the way Windows handles Uniform Resource Identifiers (URIs). This change has introduced a flaw that can cause Windows to incorrectly determine the appropriate handler for the protocol specified in a URI. More information about this vulnerability is available in US-CERT Vulnerability Note VU#403150.
Public reports indicate that this vulnerability is being actively exploited with malicious PDF files. Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability.
II.
III. Solution
Apply an update
Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to address this issue. These Adobe products handle URIs in a way that mitigates the vulnerability in Microsoft Windows.
Disable the mailto: URI in Adobe Reader and Adobe Acrobat
If you are unable to install an updated version of the software, this vulnerability can be mitigated by disabling the mailto: URI handler in Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin APSB07-18 for details.
Appendix A. Vendor Information
Adobe
For information about updating affected Adobe products, see Adobe Security Bulletin APSB07-18.
Appendix B. References
* Adobe Security Bulletin APSB07-18 -
<http://www.adobe.com/support/security/bulletins/apsb07-18.htm>
* Microsoft Security Advisory (943521) -
<http://www.microsoft.com/technet/security/advisory/943521.mspx>
* US-CERT Vulnerability Note VU#403150 -
<http://www.kb.cert.org/vuls/id/403150>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-297B.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA07-297B Feedback VU#403150" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
October 24, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRx+8WPRFkHkM87XOAQIrOQf/USsBbfDmKZ4GCi8W2466mI+kZoEHoe/H 3l3p4/1cuFGoPHFfeDLbG+alXiHSAdXoX7Db34InEUKMs7kRUVPEdW9LggI9VaTJ lKnZJxM3dXL+zPCWcDkNqrmmzyJuXwN5FmSXhlcnN4+FRzNrZYwDe1UcOk3q6m1s VNPIBTrqfSuFRllNt+chV1vQ876LLweS+Xh1DIQ/VIyduqvTogoYZO4p2A0YJD57 4y0obNuk+IhgzyhZHtSsR0ql7rGrFr4S97XUQGbKOAZWcDzNGiXJ5FkrMTaP25OI LazBVDofVz8ydUcEkb4belgv5REpfYUJc9hRbRZ+IpbAay2j42m8NQ== =PgB9 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200606-0464",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "mozilla",
"version": null
},
{
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.01"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6"
},
{
"model": "network camera server vb101",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "adobe",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "network camera server vb101",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2900"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Secunia",
"sources": [
{
"db": "PACKETSTORM",
"id": "47071"
},
{
"db": "PACKETSTORM",
"id": "57832"
},
{
"db": "PACKETSTORM",
"id": "58191"
},
{
"db": "PACKETSTORM",
"id": "58068"
}
],
"trust": 0.4
},
"cve": "CVE-2006-2900",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-19008",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-2900",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#143297",
"trust": 0.8,
"value": "8.51"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#403150",
"trust": 0.8,
"value": "18.43"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#783400",
"trust": 0.8,
"value": "25.52"
},
{
"author": "CNNVD",
"id": "CNNVD-200606-183",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-19008",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. Mozilla Firefox allows cross-domain access to an iframe. This vulnerability could allow an attacker to interact with a web site in a different domain. The attacker could read content and cookies, capture keystrokes, and modify content. Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system. \n\n----------------------------------------------------------------------\n\nWant to join the Secunia Security Team?\n\nSecunia offers a position as a security specialist, where your daily\nwork involves reverse engineering of software and exploit code,\nauditing of source code, and analysis of vulnerability reports. \n\nSOLUTION:\nDisable Active Scripting support. \n\nDo not enter suspicious text when visiting untrusted web sites. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n----------------------------------------------------------------------\n\nTITLE:\nMozilla Firefox Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26095\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26095/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nCross Site Scripting, Spoofing, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nMozilla Firefox 2.0.x\nhttp://secunia.com/product/12434/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Mozilla Firefox, which can\nbe exploited by malicious people to conduct spoofing and cross-site\nscripting attacks and potentially to compromise a user\u0027s system. \n\n1) Various errors in the browser engine can be exploited to cause\nmemory corruption and potentially to execute arbitrary code. \n\n2) Various errors in the Javascript engine can be exploited to cause\nmemory corruption and potentially to execute arbitrary code. \n\n3) An error in the \"addEventListener\" and \"setTimeout\" methods can be\nexploited to inject script into another site\u0027s context, circumventing\nthe browser\u0027s same-origin policy. \n\n4) An error in the cross-domain handling can be exploited to inject\narbitrary HTML and script code in a sub-frame of another web site. \n\nThis is related to vulnerability #5 in:\nSA21906\n\n5) An unspecified error in the handling of elements outside of\ndocuments allows an attacker to call an event handler and execute\narbitrary code with chrome privileges. \n\n6) An unspecified error in the handling of \"XPCNativeWrapper\" can\nlead to execution of user-supplied code. \n\nSOLUTION:\nUpdate to version 2.0.0.5. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Bernd Mielke, Boris Zbarsky, David Baron,\nDaniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats\nPalmgren, Olli Pettay, Paul Nickerson, and Vladimir Sukhoy. \n2) The vendor credits Asaf Romano, Jesse Ruderman, and Igor Bukanov. \n3, 5) The vendor credits moz_bug_r_a4\n4) Ronen Zilberman and Michal Zalewski\n6) The vendor credits shutdown and moz_bug_r_a4. \n\nORIGINAL ADVISORY:\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-18.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-19.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-20.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-21.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-25.html\n\nOTHER REFERENCES:\nSA21906:\nhttp://secunia.com/advisories/21906/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nThe vulnerability is caused due to an error within the handling of\n\"about:blank\" pages loaded by chrome in an addon. This can be\nexploited to execute script code under chrome privileges by e.g. \nclicking on a link opened in an \"about:blank\" window created and\npopulated in a certain ways by an addon. \n\nSuccessful exploitation requires that certain addons are installed. \nhttp://www.mozilla.com/en-US/firefox/\n\nThunderbird:\nFixed in the upcoming version 2.0.0.6. \nhttp://www.mozilla.com/en-US/thunderbird/\n\nSeaMonkey:\nFixed in the upcoming version 1.1.4. \n\nFor more information:\nSA26201\n\nPROVIDED AND/OR DISCOVERED BY:\nmoz_bug_r_a4\n\nCHANGELOG:\n2007-07-31: Updated \"Description\". Added link to vendor advisory. \"mailto\", \"news\", \"nntp\", \"snews\", \"telnet\"). using\nFirefox visits a malicious website with a specially crafted \"mailto\"\nURI containing a \"%\" character and ends in a certain extension (e.g. \n\nThe vulnerability is confirmed on a fully patched Windows XP SP2 and\nWindows Server 2003 SP2 system using Firefox version 2.0.0.5 and\nNetscape Navigator version 9.0b2. Other versions and browsers may\nalso be affected. \n\nSOLUTION:\nDo not browse untrusted websites or follow untrusted links. \n\nPROVIDED AND/OR DISCOVERED BY:\nVulnerability discovered by:\n* Billy (BK) Rios\n\nFirefox not escaping quotes originally discussed by:\n* Jesper Johansson\n\nAdditional research by Secunia Research. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\tNational Cyber Alert System\n Technical Cyber Security Alert TA07-297B\n\n\nAdobe Updates for Microsoft Windows URI Vulnerability\n\n Original release date: October 24, 2007\n Last revised: --\n Source: US-CERT\n\nSystems Affected\n\n Microsoft Windows XP and Windows Server 2003 systems with Internet\n Explorer 7 and any of the following Adobe products:\n * Adobe Reader 8.1 and earlier\n * Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier\n * Adobe Reader 7.0.9 and earlier\n * Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and\n earlier\n\nOverview\n\n Adobe has released updates for the Adobe Reader and Adobe Acrobat\n product families. The update addresses a URI handling vulnerability in\n Microsoft Windows XP and Server 2003 systems with Internet Explorer 7. \n\nI. Description\n\n Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server\n 2003 changes the way Windows handles Uniform Resource Identifiers\n (URIs). This change has introduced a flaw that can cause Windows to\n incorrectly determine the appropriate handler for the protocol\n specified in a URI. More information about this vulnerability is available in\n US-CERT Vulnerability Note VU#403150. \n\n Public reports indicate that this vulnerability is being actively\n exploited with malicious PDF files. Adobe has released Adobe Reader\n 8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability. \n\nII. \n\nIII. Solution\n\nApply an update\n\n Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to\n address this issue. These Adobe products handle URIs in a way that\n mitigates the vulnerability in Microsoft Windows. \n\nDisable the mailto: URI in Adobe Reader and Adobe Acrobat\n\n If you are unable to install an updated version of the software, this\n vulnerability can be mitigated by disabling the mailto: URI handler in\n Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin\n APSB07-18 for details. \n\n\nAppendix A. Vendor Information\n\nAdobe\n\n For information about updating affected Adobe products, see Adobe\n Security Bulletin APSB07-18. \n\nAppendix B. References\n\n * Adobe Security Bulletin APSB07-18 -\n \u003chttp://www.adobe.com/support/security/bulletins/apsb07-18.htm\u003e\n \n * Microsoft Security Advisory (943521) -\n \u003chttp://www.microsoft.com/technet/security/advisory/943521.mspx\u003e\n \n * US-CERT Vulnerability Note VU#403150 -\n \u003chttp://www.kb.cert.org/vuls/id/403150\u003e\n\n _________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA07-297B.html\u003e\n _________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA07-297B Feedback VU#403150\" in the\n subject. \n _________________________________________________________________\n \n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n _________________________________________________________________\n\n Produced 2007 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n _________________________________________________________________\n\nRevision History\n\n October 24, 2007: Initial release\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRx+8WPRFkHkM87XOAQIrOQf/USsBbfDmKZ4GCi8W2466mI+kZoEHoe/H\n3l3p4/1cuFGoPHFfeDLbG+alXiHSAdXoX7Db34InEUKMs7kRUVPEdW9LggI9VaTJ\nlKnZJxM3dXL+zPCWcDkNqrmmzyJuXwN5FmSXhlcnN4+FRzNrZYwDe1UcOk3q6m1s\nVNPIBTrqfSuFRllNt+chV1vQ876LLweS+Xh1DIQ/VIyduqvTogoYZO4p2A0YJD57\n4y0obNuk+IhgzyhZHtSsR0ql7rGrFr4S97XUQGbKOAZWcDzNGiXJ5FkrMTaP25OI\nLazBVDofVz8ydUcEkb4belgv5REpfYUJc9hRbRZ+IpbAay2j42m8NQ==\n=PgB9\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "PACKETSTORM",
"id": "47071"
},
{
"db": "PACKETSTORM",
"id": "57832"
},
{
"db": "PACKETSTORM",
"id": "58191"
},
{
"db": "PACKETSTORM",
"id": "58068"
},
{
"db": "PACKETSTORM",
"id": "60418"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "26201",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "20449",
"trust": 1.8
},
{
"db": "BID",
"id": "18308",
"trust": 1.7
},
{
"db": "SREASON",
"id": "1059",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-2161",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2006-2900",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26288",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "26095",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#403150",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#783400",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#143297",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183",
"trust": 0.7
},
{
"db": "FULLDISC",
"id": "20060605 FILE UPLOAD WIDGETS IN IE AND FIREFOX HAVE ISSUES",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-19008",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "47071",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "57832",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58191",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58068",
"trust": 0.1
},
{
"db": "USCERT",
"id": "TA07-297B",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "60418",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "PACKETSTORM",
"id": "47071"
},
{
"db": "PACKETSTORM",
"id": "57832"
},
{
"db": "PACKETSTORM",
"id": "58191"
},
{
"db": "PACKETSTORM",
"id": "58068"
},
{
"db": "PACKETSTORM",
"id": "60418"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
]
},
"id": "VAR-200606-0464",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-19008"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:05:26.386000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://secunia.com/advisories/26201/"
},
{
"trust": 1.7,
"url": "http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/18308"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-june/046610.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/20449"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1059"
},
{
"trust": 1.6,
"url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
},
{
"trust": 1.6,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=389580"
},
{
"trust": 1.6,
"url": "http://support.microsoft.com/kb/224816"
},
{
"trust": 1.6,
"url": "http://kb.mozillazine.org/firefox_:_faqs_:_about:config_entries"
},
{
"trust": 1.6,
"url": "http://en.wikipedia.org/wiki/uniform_resource_identifier"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/2161"
},
{
"trust": 0.9,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-20.html"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/26095/"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/26288/"
},
{
"trust": 0.8,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html"
},
{
"trust": 0.8,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686"
},
{
"trust": 0.8,
"url": "http://www.w3schools.com/tags/tag_iframe.asp"
},
{
"trust": 0.8,
"url": "http://www.w3.org/tr/html401/present/frames.html#h-16.5"
},
{
"trust": 0.8,
"url": "https://addons.mozilla.org/en-us/firefox/addon/722"
},
{
"trust": 0.8,
"url": "http://www.mozilla.org/projects/security/components/same-origin.html"
},
{
"trust": 0.8,
"url": "http://www.cert.org/archive/pdf/cross_site_scripting.pdf"
},
{
"trust": 0.8,
"url": "http://www.stopbadware.org/home/security#preventing"
},
{
"trust": 0.8,
"url": "http://www.antiphishing.org/consumer_recs.html"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/reading_room/securing_browser/"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms07-061.mspx"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/msrc/archive/2007/10/25/msrc-blog-october-25th-update-to-security-advisory-943521.aspx"
},
{
"trust": 0.8,
"url": "http://www.adobe.com/support/security/advisories/apsa07-04.html"
},
{
"trust": 0.8,
"url": "http://www.adobe.com/support/security/bulletins/apsb07-18.html"
},
{
"trust": 0.8,
"url": "http://en-us.www.mozilla.com/en-us/firefox/2.0.0.6/releasenotes/"
},
{
"trust": 0.8,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=389106"
},
{
"trust": 0.8,
"url": "http://www.w3schools.com/tags/ref_urlencode.asp"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/2161"
},
{
"trust": 0.4,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.4,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.4,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/network_software_inspector/"
},
{
"trust": 0.2,
"url": "http://secunia.com/product/12434/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/20449/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/20442/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-18.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-25.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/21906/"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-19.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-21.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/projects/seamonkey/"
},
{
"trust": 0.1,
"url": "http://www.mozilla.com/en-us/firefox/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-27.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.com/en-us/thunderbird/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14383/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14070/"
},
{
"trust": 0.1,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=388121"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-26.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1173/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/22/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1174/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1176/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1175/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/783400"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12366/"
},
{
"trust": 0.1,
"url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/20/hey-mozilla-quotes-are-not-legal-in-a-url.aspx"
},
{
"trust": 0.1,
"url": "http://www.adobe.com/support/security/bulletins/apsb07-18.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/security/advisory/943521.mspx\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/403150\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-297b.html\u003e"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "PACKETSTORM",
"id": "47071"
},
{
"db": "PACKETSTORM",
"id": "57832"
},
{
"db": "PACKETSTORM",
"id": "58191"
},
{
"db": "PACKETSTORM",
"id": "58068"
},
{
"db": "PACKETSTORM",
"id": "60418"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "PACKETSTORM",
"id": "47071"
},
{
"db": "PACKETSTORM",
"id": "57832"
},
{
"db": "PACKETSTORM",
"id": "58191"
},
{
"db": "PACKETSTORM",
"id": "58068"
},
{
"db": "PACKETSTORM",
"id": "60418"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-06-08T00:00:00",
"db": "CERT/CC",
"id": "VU#143297"
},
{
"date": "2007-07-27T00:00:00",
"db": "CERT/CC",
"id": "VU#403150"
},
{
"date": "2007-07-26T00:00:00",
"db": "CERT/CC",
"id": "VU#783400"
},
{
"date": "2006-06-07T00:00:00",
"db": "VULHUB",
"id": "VHN-19008"
},
{
"date": "2006-06-10T05:36:59",
"db": "PACKETSTORM",
"id": "47071"
},
{
"date": "2007-07-19T02:44:59",
"db": "PACKETSTORM",
"id": "57832"
},
{
"date": "2007-08-01T00:35:42",
"db": "PACKETSTORM",
"id": "58191"
},
{
"date": "2007-07-27T03:17:23",
"db": "PACKETSTORM",
"id": "58068"
},
{
"date": "2007-10-25T04:18:19",
"db": "PACKETSTORM",
"id": "60418"
},
{
"date": "2006-06-07T16:02:00",
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"date": "2006-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-14T00:00:00",
"db": "CERT/CC",
"id": "VU#143297"
},
{
"date": "2007-11-13T00:00:00",
"db": "CERT/CC",
"id": "VU#403150"
},
{
"date": "2007-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#783400"
},
{
"date": "2011-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-19008"
},
{
"date": "2011-10-11T04:00:00",
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"date": "2006-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mozilla Firefox allows cross-domain iframe access via JavaScript",
"sources": [
{
"db": "CERT/CC",
"id": "VU#143297"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.