Two ‘Extremely Critical’ Bugs Found In Firefox

By Angsuman Chakraborty, Gaea News Network
Monday, May 9, 2005

Two “Extremely Critical” (as classified by Secunia) vulnerabilities have been discovered in Firefox, which can be exploited by malicious people (read crackers) to conduct cross-site scripting attacks and compromise a user’s system.

Unfortunately, the proof-of-concept exploit code has been made publicly available without giving Firefox a chance to fix the bugs first. This is what makes it so dangerous.

The problems are related to:

  1. Incorrect “IFRAME” JavaScript URL execution protection in context of another URL in the history list.
  2. Improper verification of input passed to “IconURL” parameter in “InstallTrigger.install()”.

A combination of vulnerabilities 1 and 2 can be exploited to execute arbitrary code in a user’s browser.

Successful exploitation requires that the site is allowed to install software (default sites are “update.mozilla.org” and “addons.mozilla.org”).

“Changes to the Mozilla Update web service have been made to mitigate the risk of an exploit,” the Mozilla Foundation announced on its security site Sunday. Mozilla re-pointed the two update sites to a new URL - do-not-add.mozilla.org, and instructed users not to add that new site to their list of Allowed Sites. The change, however, only defends against the current proof-of-concept that is circulating, not the vulnerabilities themselves.
