Spyware, viruses, & security forum: VULNERABILITIES / FIXES - October 10, 2012

Release Date : 2012-10-10

Criticality level : Highly critical
Impact: Security Bypass
Cross Site Scripting
Spoofing
System access
Where : From remote
Solution Status : Unpatched

Software: Mozilla Firefox 15.x
Mozilla Thunderbird 15.x

Description:
Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system.

1) Several unspecified errors in the browser engine can be exploited to corrupt memory.

2) An error when handling the "<select>" dropdown menu can be exploited to display arbitrary content while showing the URL of another site.

3) An error when handling the "document.domain" properly can be exploited to bypass the same origin policy and e.g. execute script code in the context of another domain.

4) Some errors can be exploited to bypass checks for the DOMWindowUtils class and call restricted methods.

5) An error when transitioning into Reader Mode does not properly sanitise content and can be exploited to conduct cross-site scripting attacks.

Note: This vulnerability only affects Firefox for Android.

6) A use-after-free error exists when invoking full screen mode and navigating backwards in history.

7) An invalid cast error exists when using the instanceof operator on certain JavaScript objects.

8) An error when invoking the "GetProperty()" function via JSAPI can be exploited to bypass certain checks and execute arbitrary code.

9) An error when handling the "location" property via binary plugins can be exploited to conduct cross-site scripting attacks.

10) An error within Chrome Object Wrapper (COW) when handling the "InstallTrigger" object can be exploited to access certain privileged functions and properties.

11) An error when handling the "location.hash" property and history navigation can be exploited to e.g. display an arbitrary site or execute arbitrary script code.

12) An out-of-bounds read error exists within the "IsCSSWordSpacingSpace()" function.

13) A use-after-free error exists within the "nsHTMLCSSUtils::CreateCSSPropertyTxn()" function.

14) An error within the "nsHTMLEditor::IsPrevCharInNodeWhitespace()" function can be exploited to cause a heap-based buffer overflow.

15) A use-after-free error exists within the "nsSMILAnimationController::DoSample()" function.

16) A use-after-free error exists within the "nsTextEditRules::WillInsert()" function.

17) A use-after-free error exists within the "DOMSVGTests::GetRequiredFeatures()" function.

18) An error within the "nsCharTraits::length()" function can be exploited to cause a buffer overflow.

19) An error within the "nsWaveReader::DecodeAudioData()" function can be exploited to cause a heap-based buffer overflow.

20) An error within the "insPos" property can be exploited to corrupt memory.

21) An error within the "Convolve3x3()" function can be exploited to cause a heap-based buffer overflow.

22) A use-after-free error exists within the "nsIContent::GetNameSpaceID()" function.

Solution:
Upgrade to version 16.

Provided and/or discovered by:
The vendor credits:
1) Henrik Skupin, Jesse Ruderman, moz_bug_r_a4, Christian Holler, and Jesse Ruderman.
2) David Bloom, Cue
3) Collin Jackson
4) Johnny Stenback
5) Warren He
6) Soroush Dalili
7) Ms2ger
8) Alice White
9, 10, 11) Mariusz Mlynski
12 - 17) Abhishek Arya (Inferno), Google Chrome Security Team
18 - 21) Atte Kettunen, OUSPG
22) miaubiz

Original Advisory:
Mozilla:
http://www.mozilla.org/security/announce/2012/mfsa2012-74.html
http://www.mozilla.org/security/announce/2012/mfsa2012-75.html
http://www.mozilla.org/security/announce/2012/mfsa2012-76.html
http://www.mozilla.org/security/announce/2012/mfsa2012-77.html
http://www.mozilla.org/security/announce/2012/mfsa2012-78.html
http://www.mozilla.org/security/announce/2012/mfsa2012-79.html
http://www.mozilla.org/security/announce/2012/mfsa2012-80.html
http://www.mozilla.org/security/announce/2012/mfsa2012-81.html
http://www.mozilla.org/security/announce/2012/mfsa2012-82.html
http://www.mozilla.org/security/announce/2012/mfsa2012-83.html
http://www.mozilla.org/security/announce/2012/mfsa2012-84.html
http://www.mozilla.org/security/announce/2012/mfsa2012-85.html
http://www.mozilla.org/security/announce/2012/mfsa2012-86.html
http://www.mozilla.org/security/announce/2012/mfsa2012-87.html

http://secunia.com/advisories/50856/

Release Date : 2012-10-10

Criticality level : Highly critical
Impact: Security Bypass
Cross Site Scripting
System access
Where : From remote
Solution Status : Vendor Patch

Software: Mozilla Firefox 10.x
Mozilla Thunderbird 10.x

Description:
Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

Solution:
Update to version 10.0.8.

Original Advisory:
Mozilla:
http://www.mozilla.org/security/announce/2012/mfsa2012-74.html
http://www.mozilla.org/security/announce/2012/mfsa2012-77.html
http://www.mozilla.org/security/announce/2012/mfsa2012-79.html
http://www.mozilla.org/security/announce/2012/mfsa2012-81.html
http://www.mozilla.org/security/announce/2012/mfsa2012-82.html
http://www.mozilla.org/security/announce/2012/mfsa2012-83.html
http://www.mozilla.org/security/announce/2012/mfsa2012-84.html
http://www.mozilla.org/security/announce/2012/mfsa2012-85.html
http://www.mozilla.org/security/announce/2012/mfsa2012-86.html
http://www.mozilla.org/security/announce/2012/mfsa2012-87.html

http://secunia.com/advisories/50936/

Release Date : 2012-10-10

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Software: SUSE Studio Onsite 1.x

Description:
SUSE has issued an update for qemu. This fixes two vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to potentially gain escalated privileges.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
SUSE-SU-2012:1320-1:
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html

http://secunia.com/advisories/50913/

Release Date : 2012-10-10

Criticality level : Highly critical
Impact: Security Bypass
Cross Site Scripting
Spoofing
System access
Where : From remote
Solution Status : Vendor Patch

Operating System : Ubuntu Linux 10.04
Ubuntu Linux 11.04
Ubuntu Linux 11.10
Ubuntu Linux 12.04

Description:
Ubuntu has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
USN-1600-1:
http://www.ubuntu.com/usn/usn-1600-1/

http://secunia.com/advisories/50892/

Release Date : 2012-10-10

Criticality level : Moderately critical
Impact: Security Bypass
Privilege escalation
DoS
Where : From remote
Solution Status : Vendor Patch

Software: HP Secure Web Server for OpenVMS 2.x

Description:
HP has acknowledged some weaknesses and some vulnerabilities in HP Secure Web Server (SWS) for OpenVMS, which can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and bypass certain security restrictions.

The weaknesses and the vulnerabilities are reported in versions 2.2 and prior.

Solution:
Update to version 2.2 Update 2.

Original Advisory:
HPSBOV02822 SSRT100966:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03517954

http://secunia.com/advisories/50922/

Release Date : 2012-10-10

Criticality level : Not critical
Impact: DoS
Where : From remote
Solution Status : Vendor Patch

Operating System : Oracle Solaris 11.x
Sun Solaris 10.x

Description:
Oracle has acknowledged two weaknesses in Pidgin included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply patches.

Original Advisory:
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_pidgin

http://secunia.com/advisories/50945/

Oracle Solaris BIND Resource Record Denial of Service Vulnerability

Release Date : 2012-10-10

Criticality level : Moderately critical
Impact: DoS
Where : From remote
Solution Status : Vendor Patch

Operating System : Oracle Solaris 11.x
Sun Solaris 10.x
Sun Solaris 9.x

Description:
Oracle has acknowledged a vulnerability in BIND included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply patches.

Original Advisory:
https://blogs.oracle.com/sunsecurity/entry/cve_2012_4244_denial_of

http://secunia.com/advisories/50947/

RSA Adaptive Authentication On-Premise Information Disclosure Vulnerability

Release Date : 2012-10-10

Criticality level: Less critical
Impact: Exposure of sensitive information
Where : From local network
Solution Status : Vendor Patch

Software: RSA Adaptive Authentication 6.x

Description:
A vulnerability has been reported in RSA Adaptive Authentication, which can be exploited by malicious people to disclose certain sensitive information.

The vulnerability is caused due to an unspecified error when calling certain components. No further information is currently available.

The vulnerability is reported in version 6.0.2.1.

Solution:
Update to version 6.0.2.1 SP3 P3.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://archives.neohapsis.com/archives/bugtraq/2012-10/att-0036/ESA-2012-035.txt

http://secunia.com/advisories/50931/

Release Date : 2012-10-10

Criticality level: Less critical
Impact: Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Joomla! 3.x

Description:
A vulnerability has been reported in Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input passed to the language search component is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions prior to 3.0.1.

Solution:
Update to version 3.0.1.

Provided and/or discovered by:
The vendor credits Jeff Channell

Original Advisory:
http://www.joomla.org/announcements/release-news/5468-joomla-3-0-1-released.html
http://developer.joomla.org/security/news/541-20121001-core-xss-vulnerability

http://secunia.com/advisories/50879/

Release Date : 2012-10-10

Criticality level : Moderatly critical
Impact: Unknown
Where : From remote
Solution Status : Unpatched

Software: AceFTP 1.x (component for Joomla!)

Description:
A vulnerability with an unknown impact has been reported in the AceFTP component for Joomla!.

The vulnerability is caused due to an unspecified error. No further information is currently available.

The vulnerability is reported in version 1.0.2. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Reported by the Joomla! VEL team

Original Advisory:
Joomla! Vulnerable Extensions List:
http://docs.joomla.org/Vulnerable_Extensions_List#ACEFTP

http://secunia.com/advisories/50822/