Signature Detail

HTTP: Mozilla FireFox defineSetter Code Execution

This signature detects attempts to exploit a known vulnerability in the Mozilla browser. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Extended Description

Mozilla Firefox is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions. Versions prior to Firefox 3.5 and 3.0.12 are vulnerable. This vulnerability was previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but has been assigned its own record to better document the issue.

Affected Products

• Debian Linux 5.0
• Debian Linux 5.0 Alpha
• Debian Linux 5.0 Amd64
• Debian Linux 5.0 Arm
• Debian Linux 5.0 Armel
• Debian Linux 5.0 Hppa
• Debian Linux 5.0 Ia-32
• Debian Linux 5.0 Ia-64
• Debian Linux 5.0 M68k
• Debian Linux 5.0 Mips
• Debian Linux 5.0 Mipsel
• Debian Linux 5.0 Powerpc
• Debian Linux 5.0 S/390
• Debian Linux 5.0 Sparc
• Mandriva Enterprise Server 5
• Mandriva Enterprise Server 5 X86 64
• Mandriva Linux Mandrake 2009.0
• Mandriva Linux Mandrake 2009.0 X86 64
• Mandriva Linux Mandrake 2009.1
• Mandriva Linux Mandrake 2009.1 X86 64
• Mozilla Firefox 3.0
• Mozilla Firefox 3.0.1
• Mozilla Firefox 3.0.10
• Mozilla Firefox 3.0.11
• Mozilla Firefox 3.0.2
• Mozilla Firefox 3.0.3
• Mozilla Firefox 3.0.4
• Mozilla Firefox 3.0.5
• Mozilla Firefox 3.0.6
• Mozilla Firefox 3.0.7
• Mozilla Firefox 3.0.7 Beta
• Mozilla Firefox 3.0.8
• Mozilla Firefox 3.0.9
• Mozilla Firefox 3.0 Beta 5
• Mozilla XULRunner 1.9
• Mozilla XULRunner 1.9.0.12
• Pardus Linux 2008
• Pardus Linux 2009
• Red Hat Enterprise Linux 5 Server
• Red Hat Enterprise Linux Desktop Version 4
• Red Hat Enterprise Linux AS 4
• Red Hat Enterprise Linux Desktop 5 Client
• Red Hat Enterprise Linux Desktop Workstation 5 Client
• Red Hat Enterprise Linux ES 4
• Red Hat Enterprise Linux WS 4
• Red Hat Fedora 10
• Slackware Linux 12.2
• Sun OpenSolaris Build Snv 100
• Sun OpenSolaris Build Snv 101
• Sun OpenSolaris Build Snv 101A
• Sun OpenSolaris Build Snv 102
• Sun OpenSolaris Build Snv 103
• Sun OpenSolaris Build Snv 104
• Sun OpenSolaris Build Snv 105
• Sun OpenSolaris Build Snv 106
• Sun OpenSolaris Build Snv 107
• Sun OpenSolaris Build Snv 108
• Sun OpenSolaris Build Snv 109
• Sun OpenSolaris Build Snv 110
• Sun OpenSolaris Build Snv 111
• Sun OpenSolaris Build Snv 111A
• Sun OpenSolaris Build Snv 112
• Sun OpenSolaris Build Snv 113
• Sun OpenSolaris Build Snv 114
• Sun OpenSolaris Build Snv 115
• Sun OpenSolaris Build Snv 116
• Sun OpenSolaris Build Snv 117
• Sun OpenSolaris Build Snv 118
• Sun OpenSolaris Build Snv 95
• Sun OpenSolaris Build Snv 96
• Sun OpenSolaris Build Snv 98
• Sun OpenSolaris Build Snv 99
• SuSE openSUSE 10.3
• SuSE openSUSE 11.0
• SuSE openSUSE 11.1
• SuSE SUSE Linux Enterprise 10 SP2 DEBUGINFO
• SuSE SUSE Linux Enterprise 11
• SuSE SUSE Linux Enterprise Desktop 10 SP2
• SuSE SUSE Linux Enterprise Desktop 11
• SuSE SUSE Linux Enterprise SDK 10 SP2
• SuSE SUSE Linux Enterprise Server 10 SP2
• SuSE SUSE Linux Enterprise Server 11
• SuSE SUSE Linux Enterprise Server 11 DEBUGINFO
• Ubuntu Ubuntu Linux 8.04 LTS Amd64
• Ubuntu Ubuntu Linux 8.04 LTS I386
• Ubuntu Ubuntu Linux 8.04 LTS Lpia
• Ubuntu Ubuntu Linux 8.04 LTS Powerpc
• Ubuntu Ubuntu Linux 8.04 LTS Sparc
• Ubuntu Ubuntu Linux 8.10 Amd64
• Ubuntu Ubuntu Linux 8.10 I386
• Ubuntu Ubuntu Linux 8.10 Lpia
• Ubuntu Ubuntu Linux 8.10 Powerpc
• Ubuntu Ubuntu Linux 8.10 Sparc
• Ubuntu Ubuntu Linux 9.04 Amd64
• Ubuntu Ubuntu Linux 9.04 I386
• Ubuntu Ubuntu Linux 9.04 Lpia
• Ubuntu Ubuntu Linux 9.04 Powerpc
• Ubuntu Ubuntu Linux 9.04 Sparc

References

• BugTraq: 35772
• CVE: CVE-2009-2469