int(1525)

Vulnerability Bulletins


Vulnerabilidad en el manejo de plugins de búsqueda en Mozilla Firefox

Vulnerability classification

Property Value
Confidence level Oficial
Impact Aumento de la visibilidad
Dificulty Experto
Required attacker level Acceso remoto sin cuenta a un servicio estandar

System information

Property Value
Affected manufacturer GNU/Linux
Affected software Firefox <1.0.3
Mozilla Suite <1.7.7

Description

Se ha descubierto una vulnerabilidad en las versiones anteriores a la 1.0.3 de Mozilla Firefox y en las versiones anteriores a la 1.7.7 de Mozilla Suite. La vulnerabilidad se da en el manejo de plugins de búsqueda.

La explotación de esta vulnerabilidad podría permitir a un atacante remoto sobrescribir un plugin de búsqueda instalado previamente por el usuario y utilizarlo para robar información sensible.

Solution



Actualización de software

Mozilla
Firefox 1.0.3
http://www.mozilla.org/products/firefox/all.html
Mozilla Suite 1.7.7
http://www.mozilla.org/releases/#1.7.7

Red Hat Linux (Firefox, Mozilla)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
https://rhn.redhat.com/

SUSE Linux

SUSE Linux 9.3
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-1.0.3-1.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-translations-1.0.3-1.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-1.7.5-17.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-calendar-1.7.5-17.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-devel-1.7.5-17.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-dom-inspector-1.7.5-17.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-irc-1.7.5-17.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-mail-1.7.5-17.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-spellchecker-1.7.5-17.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-venkman-1.7.5-17.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-32bit-9.3-7.1.x86_64.rpm
x86-64
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-1.7.5-17.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-calendar-1.7.5-17.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-devel-1.7.5-17.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-dom-inspector-1.7.5-17.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-irc-1.7.5-17.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-mail-1.7.5-17.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-spellchecker-1.7.5-17.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-venkman-1.7.5-17.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/mozilla-1.7.5-17.2.src.rpm

SUSE Linux 9.2
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/MozillaFirefox-1.0.3-1.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-1.7.2-17.9.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-calendar-1.7.2-17.9.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-devel-1.7.2-17.9.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-dom-inspector-1.7.2-17.9.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-irc-1.7.2-17.9.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-mail-1.7.2-17.9.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-spellchecker-1.7.2-17.9.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-venkman-1.7.2-17.9.i586.rpm
x86-64
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/MozillaFirefox-1.0.3-1.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-1.7.2-17.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-calendar-1.7.2-17.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-devel-1.7.2-17.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-dom-inspector-1.7.2-17.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-irc-1.7.2-17.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-mail-1.7.2-17.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-spellchecker-1.7.2-17.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-venkman-1.7.2-17.9.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/MozillaFirefox-1.0.3-1.1.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/mozilla-1.7.2-17.9.src.rpm

SUSE Linux 9.1
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaFirefox-1.0.3-0.5.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/MozillaFirefox-1.0.3-0.5.src.rpm
x86-64
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/MozillaFirefox-1.0.3-0.5.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/MozillaFirefox-1.0.3-0.5.src.rpm

SUSE Linux 9.0
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/MozillaFirebird-1.0.3-3.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/MozillaFirebird-1.0.3-3.src.rpm
x86-64
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/MozillaFirebird-1.0.3-3.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/MozillaFirebird-1.0.3-3.src.rpm

Red Hat Linux (Mozilla)
Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 Itanium Processor
https://rhn.redhat.com/

SCO
UnixWare 7.1.4
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.29/mozilla.image
OpenServer 5.0.7
ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar

Standar resources

Property Value
CVE CAN-2005-1156
CAN-2005-1157
BID

Other resources

Mozilla Foundation Security Advisory 2005-38
http://www.mozilla.org/security/announce/mfsa2005-38.html

Red Hat Security Advisory RHSA-2005:383-07
https://rhn.redhat.com/errata/RHSA-2005-383.html

Red Hat Security Advisory RHSA-2005:386-08
https://rhn.redhat.com/errata/RHSA-2005-386.html

SUSE Security Announcement SUSE-SA:2005:028
http://www.novell.com/linux/security/advisories/2005_28_mozilla_firefox.html

Red Hat Security Advisory RHSA-2005:384-11
https://rhn.redhat.com/errata/RHSA-2005-384.html

SCO Security Advisory SCOSA-2005.29
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.29/SCOSA-2005.29.txt

SCO Security Advisory (SCOSA-2005.49)
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

Version history

Version Comments Date
1.0 Aviso emitido 2005-04-18
1.1 Aviso emitido por Red Hat (RHSA-2005:383-07). CANs añadidos. 2005-04-22
1.2 Aviso emitido por Red Hat (RHSA-2005:386-08) 2005-04-27
1.3 Aviso emitido por SUSE (SUSE-SA:2005:028) 2005-04-28
1.4 Aviso emitido por Red Hat (RHSA-2005:384-11) 2005-04-29
1.5 Aviso emitido por SCO (SCOSA-2005.29) 2005-07-04
1.6 Aviso emitido por SCO (SCOSA-2005.49) 2005-11-28
Ministerio de Defensa
CNI
CCN
CCN-CERT