Mozilla Unchecked Allocation Remote Code Execution

Notification Type: IBM Internet Security Systems Protection Advisory
Notification Date: November 13, 2008
Notification Version: 1.1
   
Name: Mozilla Unchecked Allocation Remote Code Execution
Public disclosure/
In the wild date:		 November 12, 2008 (vuln disclosure)
Aliases:

Mozilla Foundation Security Advisory 2008-54
CVE:

CVE-2008-0017
Description:

Mozilla Firefox and Mozilla SeaMonkey are vulnerable to remote code execution by enticing a user to click on a malicious URL.
Discoverer: Justin Schuh of the IBM X-Force

 

ISS Coverage
Product Content Version
Proventia Network IDS
Proventia Network IPS
Proventia Network MFS
Proventia Server (Linux)
RealSecure Network
RealSecure Server Sensor		 28.060
Proventia Desktop
Proventia Server IPS (Windows)		 2200
Propagation Techniques ISS Protection Available

remote exploit

HTTP_Client_Converter_Null_Ptr_BO

May 13, 2008

Detailed Description
Business Impact:

Compromise of machines using affected versions of Firefox or other Mozilla-based applications may lead to exposure of confidential information, loss of productivity, and further compromise. An attacker must cause the victim user to browse to a malicious web page, click a link in a malicious email, or similar operation in order to perform a successful attack. Successful exploitation grants an attacker the privileges of the victim.

CVSS: Base Score: 9.3
  Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
Adjusted Temporal Score: 7.3
  Exploitability: Proof-of-Concept
Remediation Level: Official-Fix
Report Confidence: Confirmed
Affected Products: Mozilla Firefox and Mozilla SeaMonkey.  See references for details.
Technical Description: The http-index-format parser does not check for an allocation failure on a format array. The resulting array is then terminated with a sentinel value of 0xFFFFFFFF. A malicious party can exploit this issue to execute arbitrary code by overwriting a sensitive memory location (such as a buffer length or boolean variable).
Remediation:

Patches are available for this issue. See References for details.

References
XFDB: http://xforce.iss.net/xforce/xfdb/42089
Mozilla: http://www.mozilla.org/security/announce/2008/mfsa2008-54.html

Revision History
1.0 Initial publication.
1.1 In the CVSS calculation, changed Access complexity to medium, added PoC released in Mozilla advisory, and adjusted base and temporal scores accordingly.

* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall IBM be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

About IBM Security Systems

IBM Security Systems include an extensive portfolio of hardware, software solutions, professional and managed services offerings covering the spectrum of IT and business security risks: people and identity, data and information, application and process, network, server and endpoint and physical infrastructure, empowering clients to innovate and operate their businesses on the most secure infrastructure platforms. Through world-class solutions that address risk across the enterprise, IBM helps organizations build a strong security posture that helps reduce costs, improve service, and manage risk. IBM X-Force(R) Research and Development is one of the most renowned commercial security research and development groups in the world. For more information on how to address today's biggest risks, please visit us at ibm.com/security.