Signature Detail

HTTP: Mozilla Firefox Web Browser Select Element Heap Use After Free

This signature detects attempts to exploit a known vulnerability against Mozilla Firefox Web Browser. A successful attack can lead to arbitrary code execution.

Extended Description

Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element.

Affected Products

• mozilla firefox 19.0
• mozilla firefox 19.0.1
• mozilla firefox 19.0.2
• mozilla firefox 20.0
• mozilla firefox 20.0.1
• mozilla firefox 21.0
• mozilla firefox 22.0
• mozilla firefox 23.0
• mozilla firefox up to 23.0.1
• mozilla seamonkey 2.0.1
• mozilla seamonkey 2.0.10
• mozilla seamonkey 2.0.11
• mozilla seamonkey 2.0.12
• mozilla seamonkey 2.0.13
• mozilla seamonkey 2.0.14
• mozilla seamonkey 2.0.2
• mozilla seamonkey 2.0.3
• mozilla seamonkey 2.0.4
• mozilla seamonkey 2.0.5
• mozilla seamonkey 2.0.6
• mozilla seamonkey 2.0.7
• mozilla seamonkey 2.0.8
• mozilla seamonkey 2.0.9
• mozilla seamonkey 2.0 (alpha_1)
• mozilla seamonkey 2.0 (alpha_2)
• mozilla seamonkey 2.0 (alpha_3)
• mozilla seamonkey 2.0 (beta_1)
• mozilla seamonkey 2.0 (beta_2)
• mozilla seamonkey 2.0 (rc1)
• mozilla seamonkey 2.0 (rc2)
• mozilla seamonkey 2.10.1
• mozilla seamonkey 2.10 (beta1)
• mozilla seamonkey 2.10 (beta2)
• mozilla seamonkey 2.10 (beta3)
• mozilla seamonkey 2.11 (beta1)
• mozilla seamonkey 2.11 (beta2)
• mozilla seamonkey 2.11 (beta3)
• mozilla seamonkey 2.11 (beta4)
• mozilla seamonkey 2.11 (beta5)
• mozilla seamonkey 2.11 (beta6)
• mozilla seamonkey 2.12.1
• mozilla seamonkey 2.12 (beta1)
• mozilla seamonkey 2.12 (beta2)
• mozilla seamonkey 2.12 (beta3)
• mozilla seamonkey 2.12 (beta4)
• mozilla seamonkey 2.12 (beta5)
• mozilla seamonkey 2.12 (beta6)
• mozilla seamonkey 2.13.1
• mozilla seamonkey 2.13.2
• mozilla seamonkey 2.13 (beta1)
• mozilla seamonkey 2.13 (beta2)
• mozilla seamonkey 2.13 (beta3)
• mozilla seamonkey 2.13 (beta4)
• mozilla seamonkey 2.13 (beta5)
• mozilla seamonkey 2.13 (beta6)
• mozilla seamonkey 2.14 (beta1)
• mozilla seamonkey 2.14 (beta2)
• mozilla seamonkey 2.14 (beta3)
• mozilla seamonkey 2.14 (beta4)
• mozilla seamonkey 2.14 (beta5)
• mozilla seamonkey 2.15.1
• mozilla seamonkey 2.15.2
• mozilla seamonkey 2.15 (beta1)
• mozilla seamonkey 2.15 (beta2)
• mozilla seamonkey 2.15 (beta3)
• mozilla seamonkey 2.15 (beta4)
• mozilla seamonkey 2.15 (beta5)
• mozilla seamonkey 2.15 (beta6)
• mozilla seamonkey 2.16.1
• mozilla seamonkey 2.16.2
• mozilla seamonkey 2.16 (beta1)
• mozilla seamonkey 2.16 (beta2)
• mozilla seamonkey 2.16 (beta3)
• mozilla seamonkey 2.16 (beta4)
• mozilla seamonkey 2.16 (beta5)
• mozilla seamonkey 2.17.1
• mozilla seamonkey 2.17 (beta1)
• mozilla seamonkey 2.17 (beta2)
• mozilla seamonkey 2.17 (beta3)
• mozilla seamonkey 2.17 (beta4)
• mozilla seamonkey 2.18 (beta1)
• mozilla seamonkey 2.18 (beta2)
• mozilla seamonkey 2.18 (beta3)
• mozilla seamonkey 2.18 (beta4)
• mozilla seamonkey 2.19 (beta1)
• mozilla seamonkey 2.19 (beta2)
• mozilla seamonkey 2.1 (alpha1)
• mozilla seamonkey 2.1 (alpha2)
• mozilla seamonkey 2.1 (alpha3)
• mozilla seamonkey 2.1 (beta1)
• mozilla seamonkey 2.1 (beta2)
• mozilla seamonkey 2.1 (beta3)
• mozilla seamonkey 2.1 (rc1)
• mozilla seamonkey 2.1 (rc2)
• mozilla seamonkey up to 2.20 (beta1)
• mozilla seamonkey up to 2.20 (beta2)
• mozilla seamonkey up to 2.20 (beta3)
• mozilla thunderbird 17.0
• mozilla thunderbird 17.0.1
• mozilla thunderbird 17.0.2
• mozilla thunderbird 17.0.3
• mozilla thunderbird 17.0.4
• mozilla thunderbird 17.0.5
• mozilla thunderbird 17.0.6
• mozilla thunderbird 17.0.7
• mozilla thunderbird 17.0.8
• mozilla thunderbird up to 17.0.9

References

• CVE: CVE-2013-1724