CVE-2005-0588 in Firefox

Summary

by MITRE

Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.


Analysis

by VulDB Data Team • 05/31/2019

This vulnerability resides in the same-origin restrictions that Mozilla Firefox before 1.0.1 and the Mozilla suite before 1.7.6 apply to XSLT stylesheet processing; it is not a cross-site scripting issue. The flaw stems from insufficient validation of the xsl:include and xsl:import directives, the XSLT elements that pull external stylesheet components into the stylesheet being processed. When a page supplies a malicious stylesheet, the affected browsers fail to restrict these directives to the origin of the stylesheet itself, so an include or import can point at a local file through a file: URL.

The defect lies in the XSLT engine's handling of external resource references. XSLT processors support xsl:include and xsl:import so that a stylesheet can be split into fragments or reuse a shared library. In the affected Mozilla versions the engine resolved and fetched these references without checking that the referenced resource came from the same origin as the stylesheet, so the directives could name local file paths. The missing check creates an information-disclosure channel: the outcome of the transformation depends on whether the referenced resource could be loaded.

An attacker exploits this by serving content whose XSLT stylesheet contains an xsl:include or xsl:import whose href is a file: URL naming a local path. When the victim's browser runs the transformation, the engine tries to load that path, and the success or failure of the transform tells the attacker whether the file exists. This is a file-existence oracle, not a directory traversal: the attacker does not read the file's contents, but can probe the local file system path by path and learn which software or configuration files are present. The affected component is the XSLT processing pipeline, the stylesheet loader within the browser's XML and transformation engine.

The operational impact extends beyond simple file enumeration, because the information feeds later attacks: knowing which applications, patches, or configuration files are present lets an attacker choose a more targeted exploit for a second stage. The vulnerability also exposes a gap in the browser's security model for external resource references in XML processing, a concern for any web application that relies on client-side XSLT for rendering. In weakness terms this is an origin-validation failure that discloses information (CWE-346, Origin Validation Error, together with CWE-200, Exposure of Sensitive Information, fits better than CWE-22: no path escapes a restricted directory, and no cross-site request forgery is involved). The closest ATT&CK technique is T1083, File and Directory Discovery; T1059.007 denotes JavaScript, not XSLT, and does not apply here.

Mitigation is to upgrade to Firefox 1.0.1 or Mozilla 1.7.6 or later, where xsl:include and xsl:import are restricted to the origin of the stylesheet. The general rule for any XSLT engine, in a browser or on a server, is that an external stylesheet reference must be resolved against the stylesheet's base URL and refused when the resulting scheme or host differs, or be loaded only through an explicitly allowed resolver; a file: reference reached from an http: stylesheet must never be followed. Web applications should not run untrusted stylesheets, and server-side XSLT deployments should disable external document and stylesheet loading unless it is needed. Network controls such as web application firewalls offer little here, since the probe runs inside the victim's browser against local files and its result is observed by the attacker's own content; the practical defence is a current browser and strict origin checks in any XSLT engine you operate.
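The attack shape described in the analysis above and the origin check that the mitigation calls for, as an added example written for this analysis and not Mozilla's own code (Node.js, no dependencies): buildProbeStylesheet generates the kind of stylesheet an attacker hosts, and includeAllowed is the same-origin test a corrected loader applies to every xsl:include and xsl:import href before fetching it. The host attacker.example and the probed path /etc/passwd are constructed sample values; whether a given engine's error handling lets the attacker tell the two outcomes apart is the advisory's claim, not something this snippet measures.

```javascript
// Added example, not Mozilla's code: the probing stylesheet shape the advisory
// describes, and the origin check a fixed XSLT loader must apply to every
// xsl:include / xsl:import href before following it.

// Build the kind of stylesheet an attacker would host. The include href is a
// file: URL naming a local path; a vulnerable engine follows it and the
// transform's success or failure reveals whether the file exists.
function buildProbeStylesheet(localPath) {
  return `<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:include href="file://${localPath}"/>
  <xsl:template match="/"><html><body>probe</body></html></xsl:template>
</xsl:stylesheet>`;
}

// True when two URLs share scheme and host (host includes the port).
// file: URLs have no host, so two file: URLs compare equal here; engines
// that treat each file: URL as its own origin are stricter still.
function sameOrigin(a, b) {
  return a.protocol === b.protocol && a.host === b.host;
}

// The check the fix adds: resolve href relative to the stylesheet's own URL
// and allow the load only when the result stays on the stylesheet's origin.
// An href that does not parse is refused rather than guessed at.
function includeAllowed(stylesheetUrl, href) {
  const base = new URL(stylesheetUrl);
  let target;
  try {
    target = new URL(href, base);
  } catch (e) {
    return false;
  }
  return sameOrigin(base, target);
}

// Scan stylesheet text for xsl:include / xsl:import hrefs and return the ones
// a same-origin loader would refuse. The regex is demo-level: a real engine
// takes the hrefs from its XML parser, not from the raw text.
function findDisallowedIncludes(stylesheetUrl, xslText) {
  const re = /<xsl:(?:include|import)\b[^>]*?\bhref\s*=\s*"([^"]*)"/g;
  const refused = [];
  let m;
  while ((m = re.exec(xslText)) !== null) {
    if (!includeAllowed(stylesheetUrl, m[1])) refused.push(m[1]);
  }
  return refused;
}

// Usage with constructed sample values: a stylesheet served from
// http://attacker.example that includes file:///etc/passwd is refused,
// while a relative include on the same host is allowed.
console.log(findDisallowedIncludes('http://attacker.example/probe.xsl',
                                   buildProbeStylesheet('/etc/passwd')));
console.log(includeAllowed('http://attacker.example/probe.xsl', 'common.xsl'));
```

The check keys on scheme and host rather than on a prefix of the href string, so protocol-relative references (`//other.example/x.xsl`) and a bare scheme change (http to https on the same host) are refused too, which is the behaviour a loader needs if the same-origin rule is to mean anything.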

Reservation

02/28/2005

Disclosure

05/02/2005

Moderation

accepted

Entry

VDB-24527

CPE

ready

EPSS

0.01567

KEV

no

Activities

very low

Sources
