{"vuid":"VU#519317","idnumber":"519317","name":"Mozilla Firefox fails to properly perform security checks on \"_search\" target","keywords":["Mozilla","Firefox","security checks","_search target","sidebar","MFSA2005-39"],"overview":"A vulnerability in Mozilla Firefox may allow a remote attacker to install malicious code on or read protected information from a vulnerable system.","clean_desc":"The Firefox web browser features the ability to open a hyperlink in the \"search\" web panel. Firefox fails to perform adequate security checks on links opened in the web panel. According to the Mozilla advisory on this issue: Sites can use the _search target to open links in the Firefox sidebar. Two missing security checks allow malicious scripts to first open a privileged page (such as about:config) and then inject script using a javascript: url. This could be used to install malicious code or steal data without user interaction. Updated versions of the Firefox browser disallow javascript: and data: URIs from being opened in the search Web panel. They also perform an additional security check to prevent privileged pages, such as about:plugins, from being opened in the search Web panel.","impact":"A remote attacker may be able to install malicious code on or read protected information from a vulnerable system.","resolution":"Upgrade: The Mozilla Software Foundation has published Mozilla Foundation Security Advisory 2005-39 in response to this issue. Users are encouraged to review this advisory and upgrade to the versions of the affected software it refers to.","workarounds":"Workarounds: Users who are unable to upgrade to a fixed version of the software are encouraged to disable JavaScript in their browsers.","sysaffected":"","thanks":"Thanks to the Mozilla Foundation for reporting this vulnerability. 
The Mozilla Foundation, in turn, credits Kohei Yoshino with reporting this issue to them.","author":"This document was written by Chad Dougherty and Will Dormann based on information provided by the Mozilla Foundation.","public":["http://www.mozilla.org/security/announce/mfsa2005-39.html","https://bugzilla.mozilla.org/show_bug.cgi?id=290079","http://secunia.com/advisories/14938/","http://secunia.com/advisories/14992/"],"cveids":["CVE-2005-1158"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-04-19T14:22:02Z","publicdate":"2005-04-15T00:00:00Z","datefirstpublished":"2005-04-20T20:52:51Z","dateupdated":"2005-12-22T19:47:58Z","revision":14,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"3","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"8","cam_population":"10","cam_impact":"15","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"18.9","cam_scorecurrentwidelyknown":"18.9","cam_scorecurrentwidelyknownexploited":"32.4","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":18.9,"vulnote":null}