
Contributed by: Eglė
Date: August 25, 2009

Three Firefox Add-Ons are Faulty!

 

It's unbelievable! Just after a vulnerability was discovered in the blog editor ScribeFire, three more vulnerabilities have turned up in other Firefox extensions! This time the CoolPreviews, Feed Sidebar and Update Scanner add-ons for Firefox are in trouble. Obviously, not only Mozilla Firefox itself but also its extensions are now a target for evil-minded attackers.

As the saying goes, 'appetite comes with eating'. This could be applied to the deeds of malicious people as well. They grow bolder day by day, exploiting not only these but also various other vulnerabilities. As we all know, Mozilla Firefox is a very popular web browser. Therefore, the appearance of three new vulnerabilities is really scary for many computer users.

So, first of all, let me review the three add-ons for Firefox: CoolPreviews, Feed Sidebar and Update Scanner. Do you know the slogan for CoolPreviews? It is 'Browse faster'. Does this particular slogan give you a hint? Let me be more to the point and tell you that CoolPreviews is all about browsing faster. The customizable preview window allows users to preview or browse just about any link without ever leaving their current page or tab. There is no need to click in and out of tabs. In addition, this specific add-on is completely customizable.

Moving to the first vulnerability, which exists in CoolPreviews and was confirmed in version 2.7.2, I'm going to tell you the worst effect of this flaw. By exploiting this vulnerability, remote attackers could compromise a user's system. How does this vulnerability work? It is caused by an input validation error: input passed through links in web pages is not correctly sanitized before being rendered in the "chrome:" context. This could be exploited to inject and execute arbitrary JavaScript code in the "chrome:" context through a malicious link. For exploitation to be successful, a user is required to add a malicious link to the CoolPreviews stack.

Image 1. CoolPreviews application

Further, looking at the second and third vulnerabilities found in the other add-ons, Feed Sidebar and Update Scanner, I will also briefly tell you what these particular software components are. Feed Sidebar is an extension for Firefox that shows the items from Live Bookmarks in the sidebar. It is meant to be a lightweight extension of the RSS capabilities already included in Firefox, not an absolutely new feed management system. Now, time to get familiar with Update Scanner. Its main function is to monitor web pages for updates. In addition, Update Scanner is useful for websites that don't offer Atom or RSS feeds.

The second vulnerability, found in Feed Sidebar, and the third, found in Update Scanner, share the same impact as the vulnerability in CoolPreviews. That is to say, if exploited successfully by attackers, these flaws could allow evil guys to compromise an affected system. The second vulnerability is caused by an input validation error: input passed through RSS feeds is not correctly sanitized before being used. This could be exploited to execute arbitrary script code within the "chrome:" context and run arbitrary commands on a user's system. For the exploitation of the vulnerability to be successful, a user is required to subscribe to a manipulated RSS feed. The method of exploitation of the vulnerability in Update Scanner is very similar to the method used with CoolPreviews.

Image 1. Feed Sidebar application
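The flaw class described above for CoolPreviews and Feed Sidebar, shown as an added example that is not taken from either add-on or from the original article: untrusted link and feed text concatenated into markup, next to a version that escapes the text and accepts only http(s) links. The item fields, the `markerCall` name and all function names are constructed for illustration.

```javascript
// Constructed feed item, as a parser might hand it over from an untrusted feed.
const sampleItem = {
  title: 'Release notes <img src="x" onerror="markerCall()">',
  link: 'javascript:markerCall()',
};

// Unsafe pattern: feed fields are concatenated straight into markup.
// In a privileged ("chrome:") document, script carried in that markup
// would run with the extension's rights.
function renderItemUnsafe(item) {
  return '<li><a href="' + item.link + '">' + item.title + '</a></li>';
}

// Escape the five characters that can change HTML structure.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Allow only web schemes; javascript:, data:, chrome: and the like are dropped.
function safeLink(raw) {
  try {
    const url = new URL(String(raw).trim());
    return ['http:', 'https:'].includes(url.protocol) ? url.href : null;
  } catch (err) {
    return null; // relative or malformed links are rejected
  }
}

// Hardened pattern: text is escaped, and the link is kept only if it passes
// the scheme allowlist; otherwise the title is shown without a link.
function renderItemSafe(item) {
  const title = escapeHtml(item.title);
  const href = safeLink(item.link);
  return href === null
    ? '<li>' + title + '</li>'
    : '<li><a href="' + escapeHtml(href) + '">' + title + '</a></li>';
}

console.log(renderItemUnsafe(sampleItem));
console.log(renderItemSafe(sampleItem));
```

With a DOM available, the equivalent fix is to create elements and assign `textContent` instead of building markup strings.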

Now, I would like to inform you about the solution to all three serious security problems. I'm absolutely sure that is what you are impatiently waiting for. The solution to the first vulnerability, in CoolPreviews, is to update installations to version 2.7.6.0623. This particular version is compatible with Mozilla Firefox versions 2.0 - 3.5. The second vulnerability, which exists in Feed Sidebar, was fixed in version 3.2pre2 and later. It is compatible with Mozilla Firefox versions 3.0 - 3.5. Therefore, users are recommended to upgrade installations to version 3.2 or 4.1. Users affected by the third vulnerability are advised to upgrade installations to version 3.0.5. Update Scanner works with Firefox 3.0 - 3.5 as well. Firefox can run on various versions of Windows like 2000/XP/2003/Vista. Some files related to, for instance, Windows 2000 include: ntbooks.exe, 15_16wdm.sys, cluster.exe, ockodak.dll and examc.sys.

User Comments

Tiago Sá August 31, 2009
This is kind of duh, isn't it? It's pretty obvious that if you don't update your software you're going to have security problems. Why bother with the problems that the outdated versions of something had?
Firefox browser support August 26, 2009
Thanks for the very nice information. Now everyone can come to know about the bugs.

Gr8 info.