OSVDB ID: 32111

Title: Mozilla Multiple Products HTML Tag Attribute Trailing Character Content Filter Bypass

Dates

Disclosure: Feb 23, 2007
Discovery: Oct 27, 2005
Exploit: Unknown
Solution: Unknown

Description

Mozilla Firefox and SeaMonkey parsers improperly ignore invalid trailing characters in HTML tag attribute names. This allows remote attackers to bypass web site content filters that use regular expressions and execute arbitrary scripting code resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to Mozilla Firefox version 2.0.0.2 or higher, Mozilla Firefox version 1.5.0.10 or higher, and Mozilla SeaMonkey version 1.0.8 or higher as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mozilla Organization

SeaMonkey

1.0.8
1.0.7
1.0.6
1.0.5
1.0.3
1.0.2
1.0.1
1.0 dev
1.0

Firefox

2.0.0.2
1.5.0.10
0.8
0.9
0.9 rc
0.9.1
0.9.2
0.9.3
0.10
0.10.1
1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.5
1.5 beta 1
1.5 beta 2
1.5.0.1
1.5.0.2
1.5.0.3
1.5.0.4
1.5.0.5
1.5.0.6
1.5.0.7
1.5.0.9
2.0
2.0 Beta 1
2.0 RC2
2.0 RC3
2.0.1

References

Credit

  • Alejandro Torras - atec_postyahoo.es


Direct URL: http://osvdb.org/32111