Users of the Mozilla and Firefox browsers and the Thunderbird e-mail client may be vulnerable to flaws that could allow an attacker to spy on or take over a system, according to security researchers.
The most serious bug affects all versions of Mozilla earlier than 1.7.5, and could result in a system crash or the execution of malicious code, the Mozilla Project said. A boundary error in the way Mozilla handles "news://" addresses can be used to cause a heap-based buffer overflow, which crashes the application and may allow for code execution, according to an advisory from Maurycy Prodeus of iSEC Security Research, who discovered the flaw.
An attacker could exploit the bug by creating an overly-long "news://" link, distributed in an e-mail or on a Web page, and enticing a user to click on it. Such methods have been successfully used to spread worms. Mozilla version 1.7.5 fixes the problem. Independent security research firm Secunia gave the bug a "highly critical" rating.
To exploit the flaw, the attacker must point to a real news server that is accessible. Prodeus created a proof-of-concept file that demonstrates the bug.
Firefox and Thunderbird are affected by less serious problems. The first is a vulnerability in the way they store temporary files - the files are sometimes stored with predictable names and in a format that allows anyone to read them. This means a local attacker could easily read the contents of another user's attachments or downloads, according to researchers.
Finally, a Secunia researcher discovered a way of spoofing the names of file downloads in Firefox. A malicious site could use the bug to disguise the true nature of files the user is downloading, or to get information on the presence of specific files on the local system.
These bugs are all fixed in Firefox 1.0 and newer, and Thunderbird 0.9 and newer.
In recent months many users have begun switching to browsers such as Firefox and Mozilla because of increasingly serious security risks affecting Microsoft's dominant Internet Explorer. However, the newfound popularity of the Mozilla-based browsers has been accompanied by greater scrutiny by security researchers, and the regular discovery of new flaws.