Short Name | HTTP:STC:MOZILLA:ARRAY-DANGLE
Severity | High
Recommended | No
Recommended Action | Drop
Category | HTTP
Keywords | Mozilla Firefox Plugin Parameter Array Dangling Pointer
Release Date | 2010/10/01
Update Number | 1784
Supported Platforms | idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+
HTTP: Mozilla Firefox Plugin Parameter Array Dangling Pointer
This signature detects attempts to exploit a known vulnerability in Mozilla Firefox. The vulnerability is due to an error in handling plugin parameters contained in a malicious <object> tag. A remote attacker can exploit it by enticing a target user to visit a specially crafted Web page. Successful exploitation can result in arbitrary code execution in the context of the application.
Extended Description
Mozilla Firefox is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
This issue is fixed in Firefox 3.6.8.
Affected Products
- Avaya Aura Session Manager 1.0
- Avaya Aura Session Manager 1.1
- Avaya Aura Session Manager 5.2
- Avaya Aura Session Manager 5.2 SP1
- Avaya Aura Session Manager 5.2 SP2
- Avaya Aura Session Manager 6.0
- Avaya Aura System Manager 5.2
- Avaya Aura System Manager 6.0 SP1
- Avaya Intuity AUDIX
- Avaya Intuity AUDIX LX 1.0
- Avaya Intuity AUDIX LX 2.0
- Avaya Intuity AUDIX LX 2.0 SP1
- Avaya Intuity AUDIX LX 2.0 SP2
- Avaya Intuity AUDIX LX R1.1
- Avaya IQ 5
- Avaya IQ 5.1
- Avaya Message Networking 3.1
- Avaya Message Networking 5.2
- Avaya Messaging Storage Server 4.0
- Avaya Messaging Storage Server 5.0
- Avaya Messaging Storage Server 5.1
- Avaya Messaging Storage Server 5.2
- CometBird 3.6.7
- Mandriva Enterprise Server 5
- Mandriva Enterprise Server 5 X86 64
- Mandriva Linux Mandrake 2008.0
- Mandriva Linux Mandrake 2008.0 X86 64
- Mandriva Linux Mandrake 2009.0
- Mandriva Linux Mandrake 2009.0 X86 64
- Mandriva Linux Mandrake 2009.1
- Mandriva Linux Mandrake 2009.1 X86 64
- Mandriva Linux Mandrake 2010.0
- Mandriva Linux Mandrake 2010.0 X86 64
- Mandriva Linux Mandrake 2010.1
- Mandriva Linux Mandrake 2010.1 X86 64
- Mozilla Firefox 3.6.7
- Red Hat Desktop 3.0.0
- Red Hat Enterprise Linux 5 Server
- Red Hat Enterprise Linux Desktop Version 4
- Red Hat Enterprise Linux AS 3
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux Desktop 5 Client
- Red Hat Enterprise Linux Desktop Workstation 5 Client
- Red Hat Enterprise Linux ES 3
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux WS 3
- Red Hat Enterprise Linux WS 4
- Red Hat Fedora 12
- Red Hat Fedora 13
- Slackware Linux 13.0
- Slackware Linux 13.0 X86 64
- Slackware Linux 13.1
- Slackware Linux 13.1 X86 64
- Slackware Linux -Current
- Slackware Linux X86 64 -Current
- SuSE openSUSE 11.1
- SuSE openSUSE 11.2
- SuSE openSUSE 11.3
- SuSE SUSE Linux Enterprise Desktop 10 SP3
- SuSE SUSE Linux Enterprise Desktop 11
- SuSE SUSE Linux Enterprise Desktop 11 SP1
- SuSE SUSE Linux Enterprise SDK 10 SP3
- SuSE SUSE Linux Enterprise SDK 11
- SuSE SUSE Linux Enterprise SDK 11 SP1
- SuSE SUSE Linux Enterprise Server 10 SP3
- SuSE SUSE Linux Enterprise Server 11
- SuSE SUSE Linux Enterprise Server 11 SP1