MGASA-2013-0248

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2013-1701).

Mozilla security researcher mozbugr_a4 reported that through an interaction of frames and browser history it was possible to make the browser believe attacker-supplied content came from the location of a previous page in browser history. This allows for cross-site scripting (XSS) attacks by loading scripts from a misrepresented malicious site through relative locations and the potential access of stored credentials of a spoofed site (CVE-2013-1709).

Mozilla security researcher mozbugr_a4 reported a mechanism to execute arbitrary code or a cross-site scripting (XSS) attack when Certificate Request Message Format (CRMF) request is generated in certain circumstances (CVE-2013-1710).

Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier (URI) before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-origin policy, allowing for cross-site scripting (XSS) or the installation of malicious add-ons from third-party pages (CVE-2013-1713).

Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-site scripting (XSS) attacks by web workers (CVE-2013-1714).

Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using the a file:/// URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on the local file system. Mozilla developer John Schoenick later discovered that fixes for this issue were inadequate and allowed the invocation of Java applets to bypass security checks in additional circumstances. This could lead to untrusted Java applets having read-only access on the local files system if used in conjunction with a method to download a file to a known or guessable path (CVE-2013-1717).