
DOE-CIRC TECHNICAL BULLETIN

T-210: Mozilla Firefox 3.5.1/3.0.12 Multiple Memory Corruption Vulnerabilities

[CVE-2009-2662, CVE-2009-2663, CVE-2009-2664]

August 14, 2009 12:00 GMT

PROBLEM: Mozilla Firefox is prone to several memory corruption vulnerabilities that will either allow arbitrary code execution or lead to a denial of service.
PLATFORM: RedHat Fedora 11, RedHat Fedora 10, Mozilla Firefox 3.5.1, Mozilla Firefox 3.5, Mozilla Firefox 3.0.12, Mozilla Firefox 3.0.11, Mozilla Firefox 3.0.10, Mozilla Firefox 3.0.9, Mozilla Firefox 3.0.8, Mozilla Firefox 3.0.7 Beta, Mozilla Firefox 3.0.7, Mozilla Firefox 3.0.6, Mozilla Firefox 3.0.5, Mozilla Firefox 3.0.4, Mozilla Firefox 3.0.3, Mozilla Firefox 3.0.2, Mozilla Firefox 3.0.1, Mozilla Firefox 3.0 Beta 5, Mozilla Firefox 3.0
ABSTRACT: Attackers can exploit these issues by enticing an unsuspecting victim into visiting a specially crafted webpage. Proofs of concept can be obtained from the associated Mozilla reports in the references.

LINKS:  
  DOE-CIRC BULLETIN: http://www.doecirc.energy.gov/bulletins/t-210.shtml
  OTHER LINKS: Mozilla Website
https://bugzilla.mozilla.org/show_bug.cgi?id=501270
https://bugzilla.mozilla.org/show_bug.cgi?id=502832
http://www.mozilla.org/security/announce/2009/mfsa2009-45.html
National Vulnerability Database
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2662
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2663
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2664

  CVE: CVE-2009-2662
CVE-2009-2663
CVE-2009-2664

IMPACT ASSESSMENT: This risk is high. An attacker can exploit these issues to corrupt memory on the affected computer and potentially run arbitrary code in the context of the user running the affected application. Failed exploit attempts will cause denial-of-service conditions.

[***** Start CVE-2009-2662, CVE-2009-2663, CVE-2009-2664 *****]
Discussion:
Mozilla Firefox is prone to multiple remote memory-corruption vulnerabilities.

An attacker can exploit these issues to corrupt memory on the affected computer and potentially run arbitrary code in the context of the user running the affected application. Failed exploit attempts will cause denial-of-service conditions.  Attackers can exploit these issues by enticing an unsuspecting victim into visiting a specially crafted webpage. Proofs of concept can be obtained from the associated Mozilla reports in the references.  Below is a description of each vulnerability.

CVE-2009-2662:
The browser engine in Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and unspecified other vectors. 

CVE-2009-2663:
libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file. 

CVE-2009-2664:
The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." 

Solution:
Updates are available. Please see the following links for more information.

https://bugzilla.mozilla.org/show_bug.cgi?id=501270
https://bugzilla.mozilla.org/show_bug.cgi?id=502832
http://www.mozilla.org/
http://www.mozilla.org/security/announce/2009/mfsa2009-45.html
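
Added example (not part of the DOE-CIRC bulletin and not Mozilla code): a Python triage of a software inventory against the fixed releases named in the CVE descriptions above (3.0.13 and 3.5.2). The inventory layout, host names and function names are assumptions made for illustration.

```python
import re

# Fixed releases as stated in the CVE descriptions in this bulletin.
FIXED_30 = (3, 0, 13)  # "Firefox before 3.0.13"
FIXED_35 = (3, 5, 2)   # "3.5.x before 3.5.2"

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Mozilla Firefox 3.0.7 Beta'.

    Pre-release tags such as 'Beta 5' are ignored; a missing patch level is 0.
    """
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def status(text):
    """Classify a version string as 'affected', 'fixed' or 'not covered'."""
    v = parse_version(text)
    if v < FIXED_30:
        return "affected"      # everything before 3.0.13, betas included
    if v[:2] == (3, 0):
        return "fixed"         # 3.0 branch at or after 3.0.13
    if v[:2] == (3, 5):
        return "affected" if v < FIXED_35 else "fixed"
    return "not covered"       # a branch this bulletin says nothing about

def affected_hosts(inventory):
    """Return hosts whose Firefox version is affected.

    inventory: iterable of (host, version_string) pairs (assumed layout).
    """
    return [host for host, version in inventory if status(version) == "affected"]

# Constructed sample inventory; these are not real hosts.
SAMPLE = [
    ("ws-01", "Mozilla Firefox 3.0.12"),
    ("ws-02", "Mozilla Firefox 3.0.13"),
    ("ws-03", "Mozilla Firefox 3.5.1"),
    ("ws-04", "Mozilla Firefox 3.5.2"),
    ("ws-05", "Mozilla Firefox 3.0.7 Beta"),
]

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE):
        print(host)
```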

Recommendation:
Monitor your system for any suspicious activity.

[***** End CVE-2009-2662, CVE-2009-2663, CVE-2009-2664 *****]

DOE-CIRC services are available to DOE, DOE Contractors, and the NIH. DOE-CIRC can be contacted at:
    Voice:          866-941-2472
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov


UCRL-MI-119788