Topic: Another firefox vulnerability!

iago
Another firefox vulnerability!
« on: February 08, 2005, 12:27:50 pm »
Quote
__Summary

Using plugins like Flash and the -moz-opacity filter it is possible to display the about:config site in a hidden frame or a new window.

By making the user double-click at a specific screen position (e.g. using a DHTML game) you can silently toggle the status of boolean config parameters.

As long as the number of about:config parameters is unchanged (unlikely a casual user will change them) you can move the parameter you want to the specified screen position by using CSS.

You can also load about:config using the real player plugin and merged url events. See the real producer documentation for details and merge a command like "u 0:0:0:0.0 0:0:0:30.0 &&targetframe&&about:config"

__Proof-of-Concept

http://www.mikx.de/fireflashing/

__Status

The bug is marked as fixed in bugzilla. Get a nightly build, compile on your own or wait for Firefox 1.0.1.

2005-02-01 Vendor informed (bugzilla.mozilla.org #280664)
2005-02-01 Vendor confirmed bug
2005-02-04 Vendor fixed bug

2005-02-07 Public disclosure

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0232 to this issue.

__Affected Software

Tested with Firefox 1.0 and Mozilla 1.7.5

__Contact Information

Michael Krax <mikx@mikx.de>
http://www.mikx.de/?p=10

mikx


Again, fixed in 3 days :)
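
A defender-side check for the effect the advisory describes (boolean about:config parameters toggled without the user noticing), added here as an example and not part of the original post or the advisory: it diffs two snapshots of a profile's prefs.js and reports only the boolean changes. The snapshots and the example.* pref names are constructed.

```python
import re

# One prefs.js entry looks like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample snapshots; the example.* pref names are made up.
BASELINE = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://example.com/");
user_pref("example.constructed.flag_a", true);
user_pref("network.http.pipelining.maxrequests", 8);
'''
CURRENT = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://example.com/");
user_pref("example.constructed.flag_a", false);
user_pref("example.constructed.flag_b", true);
user_pref("network.http.pipelining.maxrequests", 4);
'''

def parse_prefs(text):
    """Return {name: value}; true/false become bool, integers become int."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def toggled_booleans(baseline_text, current_text):
    """List (name, before, after) for boolean prefs that differ from the baseline.

    None means the pref is not in that snapshot, i.e. it is at its default.
    """
    old, new = parse_prefs(baseline_text), parse_prefs(current_text)
    changes = []
    for name in sorted(set(old) | set(new)):
        before, after = old.get(name), new.get(name)
        if type(before) is type(after) and before == after:
            continue
        if isinstance(before, bool) or isinstance(after, bool):
            changes.append((name, before, after))
    return changes

if __name__ == "__main__":
    for name, before, after in toggled_booleans(BASELINE, CURRENT):
        print(f"boolean pref changed: {name}: {before} -> {after}")
```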

Mythix
Re: Another firefox vulnerability!
« Reply #1 on: February 08, 2005, 01:01:30 pm »
<3 their dev team.
Philosophy, n. A route of many roads leading from nowhere to nothing.

- Ambrose Bierce


Newby
Re: Another firefox vulnerability!
« Reply #2 on: February 08, 2005, 07:48:29 pm »
Read an article in Wired about Firefox.

"It took Microsoft six weeks to patch a vulnerability to a trojan; it took Mozilla 72 hours to identify, fix, and put out a patch for the same bug."

Something along those lines. :)
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water balloon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

MyndFyre
Re: Another firefox vulnerability!
« Reply #3 on: February 08, 2005, 08:55:56 pm »
Perhaps it might have something to do with a broad user base.......

Nah.......
I have a programming folder, and I have nothing of value there

Running with Code has a new home!

Our species really annoys me.

iago
Re: Another firefox vulnerability!
« Reply #4 on: February 08, 2005, 09:19:04 pm »
Internet Explorer has like 93% user base, so unless lower user base is better....

MyndFyre
Re: Another firefox vulnerability!
« Reply #5 on: February 08, 2005, 09:26:52 pm »
Internet Explorer has like 93% user base, so unless lower user base is better....

Ok....  So, let's say Firefox has a 5% user base.  It then takes 3 days to fix a patch.
3 days x 18 = 54 days.  54 days / 7 days/wk = 7.71 weeks.

Assuming the breadth of market share that Microsoft has to cover grows proportionately to its user base, MS is actually beating Firefox, and that's assuming IE has 90% market share to Firefox's 5%.

In other words, MS has to make sure that IE works on a much broader range of systems than FF does.

Quik
Re: Another firefox vulnerability!
« Reply #6 on: February 08, 2005, 09:29:47 pm »
I was editing about:config the other day to edit speed.

And Myndy, I bet the amount of IE users who update their system and actually get the vulnerability updates is less than the amount of Mozilla users (who update their system, since all Firefox users know how to correctly use a computer. You can't say that for all IE users, however ;))
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

MyndFyre
Re: Another firefox vulnerability!
« Reply #7 on: February 08, 2005, 09:50:58 pm »
I was editing about:config the other day to edit speed.

And Myndy, I bet the amount of IE users who update their system and actually get the vulnerability updates is less than the amount of Mozilla users (who update their system, since all Firefox users know how to correctly use a computer. You can't say that for all IE users, however ;))

As a percentage, probably.  As an absolute number, I doubt it; generally, more than 5% of the population running IE know how to operate the computer.  At least a significant number are entirely business-oriented, and the users don't need to worry about updating it themselves, as their IT departments will do it for them.

iago
Re: Another firefox vulnerability!
« Reply #8 on: February 08, 2005, 10:18:17 pm »
Internet Explorer has like 93% user base, so unless lower user base is better....

That makes no sense.  But let's go the other way:

Ok....  So, let's say Firefox has a 5% user base.  It then takes 3 days to fix a patch.
3 days x 18 = 54 days.  54 days / 7 days/wk = 7.71 weeks.

Assuming the breadth of market share that Microsoft has to cover grows proportionately to its user base, MS is actually beating Firefox, and that's assuming IE has 90% market share to Firefox's 5%.

In other words, MS has to make sure that IE works on a much broader range of systems than FF does.

That makes no sense.  Let's try a different calculation. 

Firefox has a 5% user base.  Approximately 1% of users get exploited per day, for 5 days.  5% of 5% is small.
IE has a 95% user base.  Approximately 1% of users get exploited per day, for 54 days.  That's a hell of a lot of exploits.

It seems to me that the higher user base you have, the faster you should be getting patches out.

MyndFyre
Re: Another firefox vulnerability!
« Reply #9 on: February 09, 2005, 03:05:49 am »
Internet Explorer has like 93% user base, so unless lower user base is better....

That makes no sense.  But let's go the other way:

Ok....  So, let's say Firefox has a 5% user base.  It then takes 3 days to fix a patch.
3 days x 18 = 54 days.  54 days / 7 days/wk = 7.71 weeks.

Assuming the breadth of market share that Microsoft has to cover grows proportionately to its user base, MS is actually beating Firefox, and that's assuming IE has 90% market share to Firefox's 5%.

In other words, MS has to make sure that IE works on a much broader range of systems than FF does.

That makes no sense.  Let's try a different calculation.  

Firefox has a 5% user base.  Approximately 1% of users get exploited per day, for 5 days.  5% of 5% is small.
IE has a 95% user base.  Approximately 1% of users get exploited per day, for 54 days.  That's a hell of a lot of exploits.

It seems to me that the higher user base you have, the faster you should be getting patches out.


You're missing my point.  What I'm saying is that because IE has a potentially much more broad range of systems on which it must run, with varied configurations, it must go through more significant QA checks.

I understand what you're saying, that they need to get patches out because a lot of the population is vulnerable.  My point is, because they're targeting more users, they need to put the product through significantly more thorough quality assurance.

iago
Re: Another firefox vulnerability!
« Reply #10 on: February 09, 2005, 09:28:04 am »
My point is that user base shouldn't affect patch time.  If you can agree with both my and your points, then they should be trying to get the patch out faster and slower, which doesn't make sense.  I don't see any way out of that contradiction, except to say that patch time shouldn't be affected by user base.