It was discovered that a malicious website could inject arbitrary scripts into a target site by loading it into a frame and navigating back to a previous Javascript URL that contained an eval() call. This could be used to steal cookies or other confidential data from the target site. If the target site is allowed to raise the install confirmation dialog in Firefox then this flaw even allowed the malicious site to execute arbitrary code with the privileges of the Firefox user. By default only the Mozilla Update site is allowed to attempt software installation; however, users can permit this for additional sites. (MFSA 2005-42)
Michael Krax, Georgi Guninski, and L. David Baron found that the security checks that prevent script injection could be bypassed by wrapping a javascript: url in another pseudo-protocol like “view-source:” or “jar:“. (CAN-2005-1531)
27 May 2005
A security issue affects these releases of Ubuntu and its derivatives:
It was discovered that a malicious website could inject arbitrary scripts into a target site by loading it into a frame and navigating back to a previous Javascript URL that contained an eval() call. This could be used to steal cookies or other confidential data from the target site. If the target site is allowed to raise the install confirmation dialog in Firefox then this flaw even allowed the malicious site to execute arbitrary code with the privileges of the Firefox user. By default only the Mozilla Update site is allowed to attempt software installation; however, users can permit this for additional sites. (MFSA 2005-42)
Michael Krax, Georgi Guninski, and L. David Baron found that the security checks that prevent script injection could be bypassed by wrapping a javascript: url in another pseudo-protocol like “view-source:” or “jar:“. (CAN-2005-1531)
A variant of the attack described in CAN-2005-1160 (see USN-124-1) was discovered. Additional checks were added to make sure Javascript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them. (CAN-2005-1532)
Note: These flaws also apply to Ubuntu 5.04’s Mozilla, and to the Ubuntu 4.10 versions of Firefox and Mozilla. These will be fixed soon.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.