FreeBSD : firefox -- PLUGINSPAGE privileged javascript execution (ce6ac624-aec8-11d9-a788-0001020eed82)

high Nessus Plugin ID 19129

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

A Mozilla Foundation Security Advisory reports :

When a webpage requires a plugin that is not installed the user can click to launch the Plugin Finder Service (PFS) to find an appropriate plugin. If the service does not have an appropriate plugin the EMBED tag is checked for a PLUGINSPAGE attribute, and if one is found the PFS dialog will contain a 'manual install' button that will load the PLUGINSPAGE url.

Omar Khan reported that if the PLUGINSPAGE attribute contains a javascript: url then pressing the button could launch arbitrary code capable of stealing local data or installing malicious code.

Doron Rosenberg reported a variant that injects script by appending it to a malformed URL of any protocol.

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2005-34/

https://bugzilla.mozilla.org/show_bug.cgi?id=288556

https://bugzilla.mozilla.org/show_bug.cgi?id=289171

http://www.nessus.org/u?7fd91945

Plugin Details

Severity: High

ID: 19129

File Name: freebsd_pkg_ce6ac624aec811d9a7880001020eed82.nasl

Version: 1.17

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:linux-firefox, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/16/2005

Vulnerability Publication Date: 3/31/2005

Reference Information

CVE: CVE-2005-0752