May 2005
Two Mozilla Firefox Vulnerabilities
ID: 00392
Ref: 362/05
Date: 09 May 2005:16:35:00
Version: 1
Title: Two Mozilla Firefox Vulnerabilities
Abstract: UNIRAS have been made aware of two vulnerabilities in Mozilla Firefox. Proof of concept code is publicly available... UNIRAS are continuing to monitor the situation, and will provide additional information as and when it becomes available.
Vendors affected: Mozilla
Applications affected: Mozilla
Detail
======
UNIRAS have been made aware of two vulnerabilities in Mozilla Firefox. Proof of concept
code is publicly available. As the issue is still developing, you may wish to visit the
following pages for up to date information:

MOZILLA.ORG

"Security Advisory (May 8, 2005) The Mozilla Foundation is aware of two potentially critical
Firefox security vulnerabilities as reported publicly Saturday, May 7th. There are currently
no known active exploits of these vulnerabilities although a "proof of concept" has been
reported. Changes to the Mozilla Update web service have been made to mitigate the risk of
an exploit. Mozilla is aggressively working to provide a more comprehensive solution to
these potential vulnerabilities and will provide that solution in a forthcoming security
update. Users can further protect themselves today by temporarily disabling JavaScript or
disabling "Allow web sites to install software" option in Tools > Options > Web Features."

http://www.mozilla.org/security/#Security_Alerts

SECUNIA.COM

Rating: Extremely Critical (5/5)

"Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious
people to conduct cross-site scripting attacks and compromise a user's system."

"The vulnerabilities have been confirmed in version 1.0.3. Other versions may also be
affected."

http://secunia.com/advisories/15292/

UNIRAS are continuing to monitor the situation, and will provide additional
information as and when it becomes available.