===================================================================== CERT-Renater Note d'Information No. 2010/VULN427 _____________________________________________________________________ DATE : 28/10/2010 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Firefox versions prior to 3.6.12 and 3.5.15, Thunderbird versions prior to 3.1.6 and 3.0.10, SeaMonkey versions prior to 2.0.10. ====================================================================== http://www.mozilla.org/security/announce/2010/mfsa2010-73.html http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/ ______________________________________________________________________ Mozilla Foundation Security Advisory 2010-73 Title: Heap buffer overflow mixing document.write and DOM insertion Impact: Critical Announced: October 27, 2010 Reporter: Morten Kråkvik Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.12 Firefox 3.5.15 Thunderbird 3.1.6 Thunderbird 3.0.10 SeaMonkey 2.0.10 DESCRIPTION Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. Reading mail in Thunderbird does not pose a risk to users, however the vulnerability is present and could be triggered in RSS feeds if JavaScript is enabled or by an add-on that enables browser-like functionality. REFERENCES https://bugzilla.mozilla.org/show_bug.cgi?id=607222 CVE-2010-3765 _______________________________________________________________________ Critical vulnerability in Firefox 3.5 and Firefox 3.6 10.26.10 - 02:30pm Update (Oct 27, 2010 @ 20:12): A fix for this vulnerability has been released for Firefox and Thunderbird users. Firefox 3.6.12 and 3.5.15 security updates now available Thunderbird 3.1.6 and 3.0.10 security updates now available Issue: Mozilla is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6 users. We have received reports from several security research firms that exploit code leveraging this vulnerability has been detected in the wild. Impact to users: Users who visited an infected site could have been affected by the malware through the vulnerability. The trojan was initially reported as live on the Nobel Peace Prize site, and that specific site is now being blocked by Firefox’s built-in malware protection. However, the exploit code could still be live on other websites. Status: We have diagnosed the issue and are currently developing a fix, which will be pushed out to Firefox users as soon as the fix has been properly tested. In the meantime, users can protect themselves by doing either of the following: Disabling JavaScript in Firefox Using the NoScript Add-on Credit: Morten Kråkvik of Telenor SOC ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================