Ubuntu
firefox package

[warty] Firefox Window Injection Vulnerability

Bug #11193 reported by John Dong on 2004-12-14

10

Affects		Status	Importance	Assigned to	Milestone
	firefox (Ubuntu)	Fix Released	Critical	Thom May	Ubuntu ubuntu-4.10

Bug Description

http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

I am able to reproduce this flaw with Warty's firefox.

However, Hoary's firefox doesn't seem to suffer from this problem...

http://secunia.com/multiple_browsers_window_injection_vulnerability_test/: http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

See original description

CVE References

Revision history for this message

Martin Pitt (pitti) wrote on 2005-01-02:

#1

Relevant upstream bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=273699

No patch for now :-( Thom, do you know about any news about this?

Revision history for this message

Chuck Short (zulcss) wrote on 2005-01-03:

#2

This is being tracked in bug #103638.

https://bugzilla.mozilla.org/show_bug.cgi?id=103638

Regards
chuck

Revision history for this message

Matt Zimmerman (mdz) wrote on 2005-01-04:

#3

They are considered two separate bugs upstream; if they are indeed the same,
someone should point this out at bugzilla.mozilla.org

Revision history for this message

Martin Pitt (pitti) wrote on 2005-01-19:

#4

I tested this again, Hoary is still vulnerable. However, there now is an
upstream patch (aka rewrite), so I think it is time for an update.

FYI, and for changelog inclusion, here is the CAN:

Candidate: CAN-2004-1156
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156
Reference: MISC:http://secunia.com/secunia_research/2004-13/advisory/
Reference: MISC:http://secunia.com/advisories/13129/
Reference:
MISC:http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

Mozilla through 1.7.x, and Mozilla Firefox through 1.x, allows remote
attackers to spoof arbitrary web sites by injecting content from one
window into a target window whose name is known but resides in a
different domain, as demonstrated using a pop-up window on a trusted
web site, aka the "window injection" vulnerability.

Revision history for this message

Martin Pitt (pitti) wrote on 2005-02-24:

#5

This bug certainly deserves to be owned by our Mozilla guru.

Revision history for this message

Matt Zimmerman (mdz) wrote on 2005-03-04:

#6

This is marked as a critical security bug, and has been open for over a month
now. What is its status?

Revision history for this message

Martin Pitt (pitti) wrote on 2005-03-05:

#7

(In reply to comment #6)
> This is marked as a critical security bug, and has been open for over a month
> now. What is its status?

This issue is fixed in FireFox 1.0.1 and Mozilla 1.7.6, both are supposed to be
packaged for Hoary.

Warty is a difficult issue, though. The proposed patch is huuuge and does not
apply at all to 0.9.3 (Thom already tried in vain for hours). Thus I have no
idea how this could be fixed in Warty.

Revision history for this message

Thom May (thombot) wrote on 2005-03-15:

#8

mozilla-firefox (1.0.1-2ubuntu1) hoary; urgency=low
.
   * Resynchronise with Debian.
     Security fixes: CAN-2004-1156 - Window Injection Vulnerability
                     CAN-2005-0232 - Fireflashing
                     CAN-2005-0231 - Firetabbing
   * Add patch to render hebrew RtL rather than LtR
   * Add patch to make ',' on the numpad work correctly (Ubuntu: #6301)

Revision history for this message

Martin Pitt (pitti) wrote on 2005-07-29:

#9

Warty was fixed in USN-149-3.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

ubuntu-bugzilla #4679 Edit

Bug watches keep track of this bug in other bug trackers.