SecuriTeam - ScribeFire Firefox Extension Code Injection Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

CanSecWest 2012

2nd Annual Cyber Security

Hack In Paris

The ScribeFire Firefox extension provides an interface for users to post to their blogs from any website. It allows users to drag images from a website into the editing pane, which publishes that image as part of their blog post.

ScribeFire is vulnerable to multiple injection vulnerabilities which can be exploited through a malicious image. Cross-Site Scripting and HTML injection vulnerabilities were discovered within the DOM event handlers of tags. ScribeFire directly evaluates remotely supplied content, within the privileged chrome context. This can allow an image on a website to exploit users who share it, and may lead to the complete compromise of the host.

Credit:
The information has been provided by Nick Freeman.
The original article can be found at: http://security-assessment.com/files/advisories/ScribeFire_Firefox_Extension_Privileged_Code_Injection.pdf

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* ScribeFire Firefox Extension version 3.4.1

Immune Systems:
* ScribeFire Firefox Extension version 3.4.2

This vulnerability can be exploited in several ways. As the injection point is in the chrome privileged browser zone, it is possible to bypass Same Origin Policy (SOP) protections, and also access Mozilla built-in XPCOM components. XPCOM components can be used to read and write from the file system, as well as execute arbitrary commands, steal stored passwords, or modify other Firefox extensions.

Patch Availability:
The vendor supplied patch is available from Mozilla:
https://addons.mozilla.org/en-US/firefox/addon/1730

Disclosure Timeline:
July 10, 2009 - developer contacted
July 20, 2009 - fix released

blog comments powered by Disqus

	HP Data Protector LogBackupLocationStatus SQL Injection Vulnerabilty
	InduSoft WebStudio Unauthenticated Operations Code Execution Vulnerabilityy
	InduSoft WebStudio CEServer Operation 0x15 Code Execution Vulnerability
	HP Data Protector Notebook Extension RequestCopy SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogClientInstallation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension GetPolicies SQL Injection Vulnerabilty
	GE Proficy Historian ihDataArchiver.exe Trusted Header Size Code Execution Vulnerability
	HP Data Protector Notebook Extension LogClientHealth SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogCopyOperation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension FinishedCopy SQL Injection Vulnerabilty
	Novell ZENWorks Software Packaging ISGrid.Grid2.1 Text Parameter Code Execution Vulnerabilit
	Adobe Reader BMP Image RLE Decoding Code Execution Vulnerability
	Apple QuickTime H264 Matrix Conversion Code Execution Vulnerability
	Apple QuickTime FLC Delta Decompression Code Execution Vulnerability
	Apple Quicktime PnPixPat PatType 3 Parsing Code Execution Vulnerability