Developer's Mind » Security Exploits

WordPress 2.8.2 Fixes XSS Vulnerability

Pete Mall — Tue, 21 Jul 2009 14:15:32 +0000

WordPress 2.8.2 was released on Monday, July 20 which patches a known XSS vulnerability. The URLs for the commenters(comment authors) were not fully sanitized before being displayed in the admin area which could be exploited to redirect from the admin area to another site. It is recommended to download and upgrade to version 2.8.2 or use the automatic upgrade function of WordPress under Tools > Upgrade from the admin area.

JIT Fixed in Firefox 3.5.1, New Vulnerability Exposed

Pete Mall — Mon, 20 Jul 2009 04:16:55 +0000

Firefox 3.5.1 was released on Friday, July 17 which included a patch for the Just-in-time (JIT) JavaScript compiler exploit. However, a new stack-based buffer overflow vulnerability has been exposed with sample exploit code. An attacker can cause a buffer overflow and execute arbitrary code by sending a very long unicode string to the document.write JavaScript method.

Currently, there is no patch for this vulnerability. The NoScript Add-On will not help against this exploit because this vulnerability may be exploited if an untrusted site is loaded using XSS or a compromised white-listed site.

Mozilla has acknowledged the vulnerability, but claims that it cannot be exploited. Mike Shaver wrote the following on the Mozilla Security Blog:

“In the last few days, there have been several reports of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no example of exploitability.”

Critical JavaScript Vulnerability Surfaces in Firefox 3.5

Pete Mall — Wed, 15 Jul 2009 14:38:08 +0000

Firefox 3.5 boasts of screaming fast JavaScript performance — almost twice as fast as Firefox 3. Firefox 3.5 attributes its dramatically better JavaScript performance to the TraceMonkey Just-in-time (JIT) JavaScript compiler. However, a serious remote buffer overflow security exploit was discovered last week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler, which enables the execution of malicious code.

An attacker can trick a victim to view a webpage containing the exploit code, thereby infecting the victim’s machine. Fortunately, the JIT JavaScript compiler can be disabled. Type about:config in the location bar and jit in the filter on the config page. Double click javascript.options.jit.content to set the value to false to disable JIT. You can also disable JIT by running Firefox in Safe Mode. You will see a drastic decrease in JavaScript performance by disabling JIT but you can enable it, when this exploit is patched, by setting the javascript.options.jit.content to true.

Disable JIT in Firefox 3.5

The security exploit has already been patched in nightly build 3.6 on July 14 available here. The patch will be a part of the 3.5.x release which was initially scheduled for the end of July but has been moved up.