{"vuid":"VU#398492","idnumber":"398492","name":"Mozilla Firefox may allow chrome URLs to reference remote files","keywords":["Mozilla","Firefox","privilege escalation","chrome","URL","remote files","firefox_1505"],"overview":"Mozilla products allow chrome URLs to reference remote files. This allows a remote attacker to execute code.","clean_desc":"Chrome The Mozilla user interface components outside of the content area are created using chrome. This includes toolbars, menu bars, progress bars, and window title bars. Chrome provides content, locale, and skin information for the user interface. Chrome script Chrome scripts have elevated privileges. Because of the extra privileges, they can perform actions that web scripts cannot. Chrome scripts also do not prompt for permission before executing potentially dangerous commands, such as creating or calling XPCOM components. The Problem The Mozilla foundation reports that it is possible to reference remote files using chrome URLs. If the remote file contains script, it will execute with chrome privileges.","impact":"A remote, unauthenticated attacker may be able to execute code on a vulnerable system with the privileges of the user who opened the affected browser or email application. Note that web pages cannot link directly to chrome: resources, so there is no known way for this vulnerability to be triggered as the result of viewing a web page.","resolution":"Upgrade\nThis issue is addressed in the 1.5.0.5 updates to Mozilla Firefox and Thunderbird, and the 1.0.3 version of Seamonkey. Refer to Mozilla Foundation Security Advisory 2006-56 for more details.","workarounds":"Do not Copy Untrusted Links Do not copy or drag untrusted links that do not begin with http://, https://, or ftp://. Disable JavaScript Disabling JavaScript appears to prevent exploitation of this vulnerability. Instructions for disabling JavaScript can be found in the Malicious Web Scripts FAQ.","sysaffected":"","thanks":"This vulnerability was reported in Mozilla Foundation Security Advisory \n2006-56 Mozilla credits \nBenjamin Smedberg \nfor reporting this vulnerability.","author":"This document was written by Ryan Giobbi.","public":["http://www.mozilla.org/security/announce/2006/mfsa2006-56.html","https://bugzilla.mozilla.org/show_bug.cgi?id=338037","http://secunia.com/advisories/19873/","http://secunia.com/advisories/21216/","http://www.mozilla.org/xpfe/ConfigChromeSpec.html","http://www.mozilla.org/projects/security/components/sectalk/slide16.xml","http://www.cert.org/tech_tips/malicious_code_FAQ.html#mozilla1","http://www.securityfocus.com/bid/19181"],"cveids":["CVE-2006-3812"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-07-27T15:37:59Z","publicdate":"2006-07-25T00:00:00Z","datefirstpublished":"2006-07-31T20:12:07Z","dateupdated":"2007-02-09T14:06:27Z","revision":28,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"13","cam_exploitation":"0","cam_internetinfrastructure":"2","cam_population":"10","cam_impact":"5","cam_easeofexploitation":"2","cam_attackeraccessrequired":"1","cam_scorecurrent":"0.028125","cam_scorecurrentwidelyknown":"0.04125","cam_scorecurrentwidelyknownexploited":"0.07875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.028125,"vulnote":null}