Category Archives: Web Browser Issues

Opera JPEG Processing Heap Corruption Vulnerabilities

Opera is vulnerable when parsing the JPEG file format. Four vulnerabilities were discovered, each in a different segment of the file format. In this advisory, posidron describes the two important ones.


1 – ntdll.RtlAllocateHeap() DHT vulnerability
2 – ntdll.RtlAllocateHeap() SOS vulnerability


Opera Mini for mobile phones could also be vulnerable. The second bug looks very interesting in this regard.


Vulnerable Systems:
 * Opera version 9.01 Build 8552


Details
The following code produces the sample image on which all further operations are made. It’s a valid image which was generated with Adobe Photoshop.


Credit:
The information has been provided by posidron.
The original article can be found at: http://www.milw0rm.com/exploits/3101 


http://www.securiteam.com/exploits/5YP082AKAW.html

Internet Explorer MSXML3 Race Condition Memory Corruption Vulnerability

Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability because of a race condition that may cause a NULL-pointer dereference, read or write operations to invalid addresses, or other memory-corruption issues.


Attackers may likely exploit this issue to execute arbitrary machine code in the context of the vulnerable application, but this has not been confirmed. Failed exploit attempts will likely crash the application.


Internet Explorer v6 SP2 and earlier versions are affected. More at http://www.securityfocus.com/bid/21872/discuss

Mozilla Foundation Security Advisories (Dec. 19, 2006)

MFSA 2006-76 XSS using outer window’s Function object
MFSA 2006-75 RSS Feed-preview referrer leak
MFSA 2006-74 Mail header processing heap overflows
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escallation using watch point
MFSA 2006-69 CSS cursor image buffer overflow (Windows only)
MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
Details on the above advisories at:
http://www.mozilla.org/security/announce/


Security Alerts & Announcements:
http://www.mozilla.org/security/


Security Update (December 19, 2006): Security updates have been issued for Firefox and Thunderbird that fix critical security vulnerabilities. All users should install these updates as soon as possible.
Firefox 2.0.0.1
Firefox 1.5.0.9
Thunderbird 1.5.0.9
Users should get an automatic update notification; users who have turned off update notification can use the “Check for Updates…” item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site’s computer support staff for help, or help is available through Community Support.

Opera released v9.10 of Opera Browser, adding a phishing filter (Fraud Protection) and other fixes/improvements

If you are using the Opera browser, get the latest version, 9.10, which is available now. One of the new security enhancements is Fraud Protection (a phishing filter). See Opera’s Fraud Protection in action by viewing the demo at http://portal.opera.com/startup/?tip=fraud


You can download it from http://www.opera.com/download/ or check for updates from within the browser, which will direct you to the same download link.


The complete change log is at http://www.opera.com/docs/changelogs/


Changelog for Opera 9.10 for Windows


  • User interface
    Fixed handling of access keys on Web pages with frames.
  • Mail, messaging, and newsfeeds
    Fixed an instability connected with delayed entry of the Master password.
    Deleting of newsfeeds in the panel now both unsubscribes and deletes.
  • Display and scripting
    Improved performance for elements with both :focus and :hover.
    Fixed an issue with opacity on links that have images nested within them.
  • Security
    New Fraud Protection feature (a phishing filter).
    Changed Wand data to a new format. The upgrade to this new format is not reversible.
  • Miscellaneous
    Multiple stability issues solved, including crashes on Gmail and Google Maps.
    Changed the Mozilla User Agent string to include Firefox identification.
    Improved handling of Web site logins on slow connections.
    Cancellation of torrent downloads now functions as expected.
  • Windows-specific changes
    Multimedia keys now function as expected when Opera has focus.
    Enabled loading of Windows Media plugins when Java is turned off.

via Calendar of Updates

Firefox 2.0 delayed by bug outbreak

The new version of open-source browser Firefox has been delayed for a month.


Version 2.0, codenamed Bon Echo, had been due on 26 September but will now make its debut on 24 October. The test schedule has also been adjusted, with the second beta now appearing a week late on 23 August.


The delay has been put down to a small hill of bugs that still have to be ironed out, totalling 87, according to the project’s latest bug list. The new version will have a raft of new features to keep up with those coming in rivals Opera and Internet Explorer 7, including anti-phishing security, a spell checker, integrated RSS news feed handling, and (once-again fashionable) tabbed browsing.


http://www.techworld.com/security/news/index.cfm?NewsID=6672

Mozilla Firefox XML Handler Race Condition Memory Corruption Vulnerability

Mozilla Firefox is prone to a remote memory-corruption vulnerability because of a race condition that may result in double-free or other memory-corruption issues.


Attackers may likely exploit this issue to execute arbitrary machine code in the context of the vulnerable application, but this has not been confirmed. Failed exploit attempts will likely crash the application.


Mozilla Firefox is vulnerable to this issue. Due to code-reuse, other Mozilla products are also likely affected.


It has been reported that the Flock web browser version 0.7.4.1 and the K-Meleon web browser version 1.0.1 are also vulnerable.


Vulnerable:  
Mozilla Firefox 1.5 beta 2
Mozilla Firefox 1.5 beta 1
Mozilla Firefox 1.5 5
Mozilla Firefox 1.5 .4
Mozilla Firefox 1.5 .3
Mozilla Firefox 1.5
Mozilla Firefox 1.0.8
Mozilla Firefox 1.0.7
Mozilla Firefox 1.0.6
Mozilla Firefox 1.0.5
Mozilla Firefox 1.0.5
Mozilla Firefox 1.0.4
Mozilla Firefox 1.0.3
Mozilla Firefox 1.0.2
Mozilla Firefox 1.0.1
Mozilla Firefox 1.0
Mozilla Firefox 0.10.1
Mozilla Firefox 0.10
Mozilla Firefox 0.9.3
Mozilla Firefox 0.9.2
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9 rc
Mozilla Firefox 0.9
Mozilla Firefox 0.8
Mozilla Firefox 2.0 beta 1
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.1
K-Meleon K-Meleon 1.0.1
Flock Flock 0.7.4.1


http://www.securityfocus.com/bid/19534/discuss

OneStat.com reported "Most Popular browsers by Country"

Global usage share of Mozilla Firefox has increased, according to OneStat.com


OneStat.com reported that Mozilla Firefox browsers have a total global usage share of 12.93 percent. The total usage share of Mozilla Firefox has increased 1.14 percent since May 2006. The total global usage share of Internet Explorer is 83.05 percent, which is 2.12 percent less than in May.


View the stats by country at http://www.onestat.com/html/aboutus_pressbox44-mozilla-firefox-has-slightly-increased.html


via Calendar of Updates

IE 7 can finally be reset

The IE team blogged today that Internet Explorer 7 in Windows XP and Vista can be reset if the browser becomes unstable due to badly written add-ons or as a side effect of a malware infection.


They wrote… “We have heard from users on their need to recover Internet Explorer to a workable state if it reaches an unusable state due to spurious add-ons, incompatible browser extensions, spyware or malware. Reset Internet Explorer Settings (RIES) provides a one-button solution to get Internet Explorer settings to its workable state.


Internet Explorer 7 for Windows XP and 7+ in Windows Vista have many security enhancements which make Internet Explorer less susceptible to spyware and malware. But still browsing experience in Internet Explorer can get affected by badly written add-ons. This feature allows Internet Explorer to recover from such situations.”


Read more about Reset Internet Explorer Settings (with screenshots) at their blog.


Note that you shouldn’t depend on this feature to get rid of spyware or any other infection. It should be used only to reset IE, not to fix an infection in IE or on your computer! Use an up-to-date antivirus and antispyware to scan and fix malware infections.