Signature Detail
Short Name |
HTTP:STC:MOZILLA:FIREFOX-ENG-MC |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Mozilla Firefox Browser Engine Memory Corruption (CVE-2009-1392) |
Release Date |
2011/07/21 |
Update Number |
1959 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Mozilla Firefox Browser Engine Memory Corruption (CVE-2009-1392)
This signature detects attempts to exploit a known vulnerability against Mozilla Firefox. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.
Extended Description
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey. Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges; other attacks are also possible. NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID: 35360 Mozilla Firefox 'NPObject' Access Remote Code Execution Vulnerability 35370 Mozilla Firefox/Thunderbird/SeaMonkey Multiple Browser Engine Memory Corruption Vulnerabilities 35373 Mozilla Firefox and SeaMonkey JavaScript Chrome Privilege Escalation Vulnerability 35371 Mozilla Firefox/Thunderbird/SeaMonkey Double Frame Construction Memory Corruption Vulnerability 35372 Mozilla Firefox/Thunderbird/SeaMonkey Multiple JavaScript Engine Memory Corruption Vulnerabilities 35377 Mozilla Firefox/Thunderbird/SeaMonkey XUL Scripts Content-Policy Check Security Bypass Vulnerability 35380 Mozilla Firefox/Thunderbird/SeaMonkey Malicious Proxy HTTPS Man In The Middle Vulnerability 35383 Mozilla Firefox/Thunderbird/SeaMonkey Null Owner Document Arbitrary Code Execution Vulnerability 35386 Mozilla Firefox/Thunderbird/SeaMonkey 'file://' URI Security Bypass Vulnerability 35386 Mozilla Firefox/Thunderbird/SeaMonkey 'file://' URI Security Bypass Vulnerability 35388 Mozilla Firefox/SeaMonkey Address Bar URI Spoofing Vulnerability
Affected Products
- Mozilla Firefox 0.10.0
- Mozilla Firefox 0.10.1
- Mozilla Firefox 0.8.0
- Mozilla Firefox 0.9.0
- Mozilla Firefox 0.9.0 Rc
- Mozilla Firefox 0.9.1
- Mozilla Firefox 0.9.2
- Mozilla Firefox 0.9.3
- Mozilla Firefox 1.0.0
- Mozilla Firefox 1.0.1
- Mozilla Firefox 1.0.2
- Mozilla Firefox 1.0.3
- Mozilla Firefox 1.0.4
- Mozilla Firefox 1.0.5
- Mozilla Firefox 1.0.6
- Mozilla Firefox 1.0.7
- Mozilla Firefox 1.0.8
- Mozilla Firefox 1.5.0
- Mozilla Firefox 1.5.0.1
- Mozilla Firefox 1.5.0.10
- Mozilla Firefox 1.5.0.11
- Mozilla Firefox 1.5.0 12
- Mozilla Firefox 1.5.0.2
- Mozilla Firefox 1.5.0.3
- Mozilla Firefox 1.5.0.4
- Mozilla Firefox 1.5.0.5
- Mozilla Firefox 1.5.0.6
- Mozilla Firefox 1.5.0.7
- Mozilla Firefox 1.5.0.8
- Mozilla Firefox 1.5.0.9
- Mozilla Firefox 1.5.0 Beta 1
- Mozilla Firefox 1.5.0 Beta 2
- Mozilla Firefox 2.0
- Mozilla Firefox 2.0.0.1
- Mozilla Firefox 2.0.0.10
- Mozilla Firefox 2.0.0.11
- Mozilla Firefox 2.0.0.12
- Mozilla Firefox 2.0.0.13
- Mozilla Firefox 2.0.0.14
- Mozilla Firefox 2.0.0.15
- Mozilla Firefox 2.0.0.16
- Mozilla Firefox 2.0.0.17
- Mozilla Firefox 2.0.0.18
- Mozilla Firefox 2.0.0 .19
- Mozilla Firefox 2.0.0.2
- Mozilla Firefox 2.0.0 20
- Mozilla Firefox 2.0.0.3
- Mozilla Firefox 2.0.0.4
- Mozilla Firefox 2.0.0.5
- Mozilla Firefox 2.0.0.6
- Mozilla Firefox 2.0.0.7
- Mozilla Firefox 2.0.0.8
- Mozilla Firefox 2.0.0.9
- Mozilla Firefox 2.0 Beta 1
- Mozilla Firefox 2.0 RC2
- Mozilla Firefox 2.0 RC3
- Mozilla Firefox 3.0
- Mozilla Firefox 3.0.1
- Mozilla Firefox 3.0.10
- Mozilla Firefox 3.0.2
- Mozilla Firefox 3.0.3
- Mozilla Firefox 3.0.4
- Mozilla Firefox 3.0.5
- Mozilla Firefox 3.0.6
- Mozilla Firefox 3.0.7
- Mozilla Firefox 3.0.7 Beta
- Mozilla Firefox 3.0.8
- Mozilla Firefox 3.0.9
- Mozilla Firefox 3.0 Beta 5
- Mozilla SeaMonkey 1.0
- Mozilla SeaMonkey 1.0.1
- Mozilla SeaMonkey 1.0.2
- Mozilla SeaMonkey 1.0.3
- Mozilla SeaMonkey 1.0.5
- Mozilla SeaMonkey 1.0.6
- Mozilla SeaMonkey 1.0.7
- Mozilla SeaMonkey 1.0.8
- Mozilla SeaMonkey 1.0.9
- Mozilla SeaMonkey 1.0.99
- Mozilla SeaMonkey 1.0 Dev
- Mozilla SeaMonkey 1.1.1
- Mozilla SeaMonkey 1.1.10
- Mozilla SeaMonkey 1.1.11
- Mozilla SeaMonkey 1.1.12
- Mozilla SeaMonkey 1.1.13
- Mozilla SeaMonkey 1.1.14
- Mozilla SeaMonkey 1.1.15
- Mozilla SeaMonkey 1.1.16
- Mozilla SeaMonkey 1.1.2
- Mozilla SeaMonkey 1.1.3
- Mozilla SeaMonkey 1.1.4
- Mozilla SeaMonkey 1.1.5
- Mozilla SeaMonkey 1.1.6
- Mozilla SeaMonkey 1.1.7
- Mozilla SeaMonkey 1.1.8
- Mozilla SeaMonkey 1.1.9
- Mozilla SeaMonkey 1.1 Beta
- Mozilla Thunderbird 0.6.0
- Mozilla Thunderbird 0.7.0
- Mozilla Thunderbird 0.7.1
- Mozilla Thunderbird 0.7.2
- Mozilla Thunderbird 0.7.3
- Mozilla Thunderbird 0.8.0
- Mozilla Thunderbird 0.9.0
- Mozilla Thunderbird 1.0.0
- Mozilla Thunderbird 1.0.1
- Mozilla Thunderbird 1.0.2
- Mozilla Thunderbird 1.0.5
- Mozilla Thunderbird 1.0.6
- Mozilla Thunderbird 1.0.7
- Mozilla Thunderbird 1.0.8
- Mozilla Thunderbird 1.5.0
- Mozilla Thunderbird 1.5.0.1
- Mozilla Thunderbird 1.5.0.10
- Mozilla Thunderbird 1.5.0.12
- Mozilla Thunderbird 1.5.0.13
- Mozilla Thunderbird 1.5.0.14
- Mozilla Thunderbird 1.5.0.2
- Mozilla Thunderbird 1.5.0.4
- Mozilla Thunderbird 1.5.0.5
- Mozilla Thunderbird 1.5.0.7
- Mozilla Thunderbird 1.5.0.8
- Mozilla Thunderbird 1.5.0.9
- Mozilla Thunderbird 1.5.0 Beta 2
- Mozilla Thunderbird 2.0.0.12
- Mozilla Thunderbird 2.0.0.13
- Mozilla Thunderbird 2.0.0.14
- Mozilla Thunderbird 2.0.0.15
- Mozilla Thunderbird 2.0.0.16
- Mozilla Thunderbird 2.0.0.17
- Mozilla Thunderbird 2.0.0.18
- Mozilla Thunderbird 2.0.0 .19
- Mozilla Thunderbird 2.0.0.21
- Mozilla Thunderbird 2.0.0.4
- Mozilla Thunderbird 2.0.0.5
- Mozilla Thunderbird 2.0.0.6
- Mozilla Thunderbird 2.0.0.8
- Mozilla Thunderbird 2.0.0.9
- Pardus Linux 2008
References
- BugTraq: 35326
- CVE: CVE-2009-1392