Topic: New Firefox Security Flaws..

[Pestalence_XC]

A flaw has been discovered in the popular open-source browser Firefox that could expose sensitive information stored in memory, Secunia has warned.

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

 While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk.

[Darth Sidious]

I wonder if it's fixed in 1.0.3

[Nemesis]

A flaw has been discovered in the popular open-source browser Firefox that could expose sensitive information stored in memory, Secunia has warned.

Is this the one?  Link  If this is not the one then please provide a link to your source.

   
Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability

Secunia Advisory:   SA14820   Print Advisory 
Release Date:   2005-04-04
Last Update:   2005-04-16

The vulnerability is caused due to an error in the JavaScript engine, as a "lambda" replace exposes arbitrary amounts of heap memory after the end of a JavaScript string.

Solution:
Update to version 1.0.3.

If this is the one that you mean then the patch has been out since at least the 16th when I posted the link to the update to Firefox.  Link to prior thread

Fixed bug list for 1.03 (as previously posted)

Fixed in Firefox 1.0.3
MFSA 2005-33 Javascript "lambda" replace exposes memory contents
MFSA 2005-34 javascript: PLUGINSPAGE code execution
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides

[toasty0]

MFSA 2005-33 Javascript "lambda" replace exposes memory contents

I believe that is the fix.

[Pestalence_XC]

A flaw has been discovered in the popular open-source browser Firefox that could expose sensitive information stored in memory, Secunia has warned.

Is this the one? Link If this is not the one then please provide a link to your source.

   
Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability

Secunia Advisory:   SA14820   Print Advisory
Release Date:   2005-04-04
Last Update:   2005-04-16

The vulnerability is caused due to an error in the JavaScript engine, as a "lambda" replace exposes arbitrary amounts of heap memory after the end of a JavaScript string.

Solution:
Update to version 1.0.3.

If this is the one that you mean then the patch has been out since at least the 16th when I posted the link to the update to Firefox. Link to prior thread

Fixed bug list for 1.03 (as previously posted)

Fixed in Firefox 1.0.3
MFSA 2005-33 Javascript "lambda" replace exposes memory contents
MFSA 2005-34 javascript: PLUGINSPAGE code execution
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides

http://news.com.com/Flaw+found+in+Firefox/2100-1029_3-5655861.html?tag=nefd.top

to test your browser for the flaw :

http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/

[Javora]

Has anyone tried that test with IE???      IE didn't handle that test any better than Mozilla did.   

When I tried that test with Mozilla a horizontal spaces zipped across the screen.  The only reason I knew there were there was because the slider bar appeared at the bottom of the box.  When I highlighted the spaces most of them became "X".  Now when I tried this test with IE rows and columns of "X" (not spaces that I had to high-light) appeared in the box.  The only difference that I could see was how each browser handled the data that went to the screen.  Other than that, the data appeared to be the same.  Really people, what is this test exactly suppose to prove??!?  Now did both my browsers fail this test or did both of my browsers pass, I have the latest version of Firefox (v 1.0.3) and the latest version of IE.  Does anybody have an older version of Firefox that is willing to test this so called "test"???  I have a small hunch that an older version of Firefox will handle the test the same.  Which begs the question, did the person that came up with this test, really think s/he was on to something or is this just browser hate gone to extreme???

[Darth Sidious]

Older versions of FFox would show useful stuff.  Oh, like your Dynaverse login password. etc.

[Pestalence_XC]

Has anyone tried that test with IE??? IE didn't handle that test any better than Mozilla did.

When I tried that test with Mozilla a horizontal spaces zipped across the screen. The only reason I knew there were there was because the slider bar appeared at the bottom of the box. When I highlighted the spaces most of them became "X". Now when I tried this test with IE rows and columns of "X" (not spaces that I had to high-light) appeared in the box. The only difference that I could see was how each browser handled the data that went to the screen. Other than that, the data appeared to be the same. Really people, what is this test exactly suppose to prove??!? Now did both my browsers fail this test or did both of my browsers pass, I have the latest version of Firefox (v 1.0.3) and the latest version of IE. Does anybody have an older version of Firefox that is willing to test this so called "test"??? I have a small hunch that an older version of Firefox will handle the test the same. Which begs the question, did the person that came up with this test, really think s/he was on to something or is this just browser hate gone to extreme???

I did the test with IE 6 using the XPSP 2 IT install that brings IE 6 SP 1 to IE 6 SP 2 (Windows Update XPSP 2 does not do this, but the 266 MB IT install of XPSP 2 does)..

I ran the test.. I ran it 18 times.. nothig but X's.. so mine passed the test hands down..  IE fixed that memory error in Feb 2003. Just amke sure you have the IT install of XPSP 2 so that your IE is running the IE 6 SP 2, the Windows Updte version of XPSP 2 is still IE 6 SP 1a.

The box is suppose to show X's if your memory is secure.. if your browser has the memory exploit, like the older versions of Fire Fox, then you would see bits of code and / or form information in the box that people can extract from your system memory..

This test, if you notice the URL, is from the same security site that you keep quoting.. as such, I guess you don't trust the security center that is helping to develope your FireFox... I don't either.

[Javora]

I did the test with IE 6 using the XPSP 2 IT install that brings IE 6 SP 1 to IE 6 SP 2 (Windows Update XPSP 2 does not do this, but the 266 MB IT install of XPSP 2 does)..

I ran the test.. I ran it 18 times.. nothig but X's.. so mine passed the test hands down.. Your IE must be way out of date or does not have any security fixes or it is wrong service pack.. IE fixed that memory error lin Feb 2003.

Well then according to you both tests passed if and only if the way Firefox handled the data "X" as invisible is correct.  Both browsers printed "X", the only difference was how each browser handled printing the data.  I think you may have misread my last post.  As for my current setup I bought the full version ($300USD) of XP Pro SP2 a couple of months ago.  The hard drive was reformatted and reloaded four days ago after PC-Cillin update crashed my system.  All XP patches and updates were installed through Windows update.

I'm tempted to download and install an older version of Firefox (if I could find it) just to see how it handles this test.  In fact I think one of my friends may have an older version of Firefox, I'll see if he does and if he will run this test.

[Nemesis]

http://news.com.com/Flaw+found+in+Firefox/2100-1029_3-5655861.html?tag=nefd.top

to test your browser for the flaw :

http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/

So the answer was yes.  You were posting about a flaw announced 21 days ago and fixed 11 days later. 

[Nemesis]

Link to page with current advisories from Secunia for Firefox users

Mozilla Firefox 1.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Less critical

This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details.

Currently, 4 out of 15 Secunia advisories, is marked as "Unpatched" in the Secunia database.

Link to page with current advisories from Secunia for Internet Explorer users