Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:MOZILLA:FIREFOX-INPUT

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Mozilla Firefox File Input Element Memory Corruption

Release Date

 2010/10/19

Update Number

 1794

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Mozilla Firefox File Input Element Memory Corruption


There exists vulnerability in Mozilla Firefox. The vulnerability is due to a race condition when handling a DOM method on a specific HTML form object. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the currently logged on user. In a successful attack, arbitrary code is supplied and executed on the vulnerable target host. The behaviour of the target system is dependent on the malicious code. Note that any code executed by the attacker runs with the privileges of the logged in user. In an attack where code execution fails, the vulnerable application will terminate abnormally while parsing the malicious document.

Extended Description

The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey. Exploiting these issues can allow attackers to: - steal authentication credentials - obtain potentially sensitive information - violate the same-origin policy - execute scripts with elevated privileges - cause denial-of-service conditions - execute arbitrary code Other attacks are also possible. These issues are present in the following applications: Firefox 3.0.3 and prior Firefox 2.0.0.17 and prior Thunderbird: 2.0.0.17 and prior SeaMonkey 1.1.12 and prior

Affected Products

  • Avaya Interactive Response 4.0
  • Avaya Intuity AUDIX LX 2.0
  • Avaya Message Networking 3.1
  • Avaya Message Networking MN 3.1
  • Avaya Message Networking
  • Avaya Messaging Storage Server 1.0
  • Avaya Messaging Storage Server 2.0
  • Avaya Messaging Storage Server 3.1
  • Avaya Messaging Storage Server 4.0
  • Avaya Messaging Storage Server MM3.0
  • Avaya Messaging Storage Server
  • Debian Iceweasel
  • Debian Linux 4.0
  • Debian Linux 4.0 Alpha
  • Debian Linux 4.0 Amd64
  • Debian Linux 4.0 Arm
  • Debian Linux 4.0 Hppa
  • Debian Linux 4.0 Ia-32
  • Debian Linux 4.0 Ia-64
  • Debian Linux 4.0 M68k
  • Debian Linux 4.0 Mips
  • Debian Linux 4.0 Mipsel
  • Debian Linux 4.0 Powerpc
  • Debian Linux 4.0 S/390
  • Debian Linux 4.0 Sparc
  • Debian Xulrunner
  • Mandriva Corporate Server 3.0.0
  • Mandriva Corporate Server 3.0.0 X86 64
  • Mandriva Corporate Server 4.0
  • Mandriva Corporate Server 4.0.0 X86 64
  • Mandriva Linux Mandrake 2008.0
  • Mandriva Linux Mandrake 2008.0 X86 64
  • Mandriva Linux Mandrake 2008.1
  • Mandriva Linux Mandrake 2008.1 X86 64
  • Mandriva Linux Mandrake 2009.0
  • Mandriva Linux Mandrake 2009.0 X86 64
  • Mozilla Firefox 2.0
  • Mozilla Firefox 2.0.0.1
  • Mozilla Firefox 2.0.0.10
  • Mozilla Firefox 2.0.0.11
  • Mozilla Firefox 2.0.0.12
  • Mozilla Firefox 2.0.0.13
  • Mozilla Firefox 2.0.0.14
  • Mozilla Firefox 2.0.0.15
  • Mozilla Firefox 2.0.0.16
  • Mozilla Firefox 2.0.0.17
  • Mozilla Firefox 2.0.0.2
  • Mozilla Firefox 2.0.0.3
  • Mozilla Firefox 2.0.0.4
  • Mozilla Firefox 2.0.0.5
  • Mozilla Firefox 2.0.0.6
  • Mozilla Firefox 2.0.0.7
  • Mozilla Firefox 2.0.0.8
  • Mozilla Firefox 2.0.0.9
  • Mozilla Firefox 2.0 Beta 1
  • Mozilla Firefox 2.0 RC2
  • Mozilla Firefox 2.0 RC3
  • Mozilla Firefox 3.0
  • Mozilla Firefox 3.0.1
  • Mozilla Firefox 3.0.2
  • Mozilla Firefox 3.0.3
  • Mozilla Firefox 3.0 Beta 5
  • Mozilla SeaMonkey 1.0
  • Mozilla SeaMonkey 1.0.1
  • Mozilla SeaMonkey 1.0.2
  • Mozilla SeaMonkey 1.0.3
  • Mozilla SeaMonkey 1.0.5
  • Mozilla SeaMonkey 1.0.6
  • Mozilla SeaMonkey 1.0.7
  • Mozilla SeaMonkey 1.0.8
  • Mozilla SeaMonkey 1.0.9
  • Mozilla SeaMonkey 1.0.99
  • Mozilla SeaMonkey 1.0 Dev
  • Mozilla SeaMonkey 1.1.1
  • Mozilla SeaMonkey 1.1.10
  • Mozilla SeaMonkey 1.1.11
  • Mozilla SeaMonkey 1.1.12
  • Mozilla SeaMonkey 1.1.2
  • Mozilla SeaMonkey 1.1.3
  • Mozilla SeaMonkey 1.1.4
  • Mozilla SeaMonkey 1.1.5
  • Mozilla SeaMonkey 1.1.6
  • Mozilla SeaMonkey 1.1.7
  • Mozilla SeaMonkey 1.1.8
  • Mozilla SeaMonkey 1.1.9
  • Mozilla SeaMonkey 1.1 Beta
  • Mozilla Thunderbird 2.0.0.12
  • Mozilla Thunderbird 2.0.0.13
  • Mozilla Thunderbird 2.0.0.14
  • Mozilla Thunderbird 2.0.0.15
  • Mozilla Thunderbird 2.0.0.16
  • Mozilla Thunderbird 2.0.0.17
  • Mozilla Thunderbird 2.0.0.4
  • Mozilla Thunderbird 2.0.0.5
  • Mozilla Thunderbird 2.0.0.6
  • Mozilla Thunderbird 2.0.0.8
  • Mozilla Thunderbird 2.0.0.9
  • Nortel Networks Self-Service - CCSS7
  • Nortel Networks Self-Service Media Processing Server
  • Nortel Networks Self-Service MPS 1000
  • Nortel Networks Self-Service Peri Application
  • Nortel Networks Self-Service Peri Workstation
  • Pardus Linux 2007
  • Pardus Linux 2008
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
  • Red Hat Desktop 3.0.0
  • Red Hat Desktop 4.0.0
  • Red Hat Enterprise Linux 5 Server
  • Red Hat Enterprise Linux Desktop Version 4
  • Red Hat Enterprise Linux AS 2.1
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux Desktop 5 Client
  • Red Hat Enterprise Linux Desktop Workstation 5 Client
  • Red Hat Enterprise Linux ES 2.1
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux Optional Productivity Application 5 Server
  • Red Hat Enterprise Linux WS 2.1
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • Red Hat Fedora 8
  • Red Hat Fedora 9
  • Red Hat Linux Advanced Workstation 2.1 for the Ita 2.1.0 IA64
  • Slackware Linux 10.2.0
  • Slackware Linux 11.0
  • Slackware Linux 12.0
  • Slackware Linux 12.1
  • Slackware Linux -Current
  • Sun OpenSolaris Build Snv 89
  • Sun OpenSolaris Build Snv 90
  • Sun OpenSolaris Build Snv 91
  • Sun OpenSolaris Build Snv 92
  • Sun OpenSolaris Build Snv 93
  • Sun OpenSolaris Build Snv 94
  • Sun Solaris 10 Sparc
  • Sun Solaris 10 X86
  • Turbolinux FUJI
  • Turbolinux Turbolinux Server 11
  • Turbolinux Turbolinux Server 11 X64
  • Turbolinux wizpy
  • Ubuntu Ubuntu Linux 6.06 LTS Amd64
  • Ubuntu Ubuntu Linux 6.06 LTS I386
  • Ubuntu Ubuntu Linux 6.06 LTS Powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS Sparc
  • Ubuntu Ubuntu Linux 7.10 Amd64
  • Ubuntu Ubuntu Linux 7.10 I386
  • Ubuntu Ubuntu Linux 7.10 Lpia
  • Ubuntu Ubuntu Linux 7.10 Powerpc
  • Ubuntu Ubuntu Linux 7.10 Sparc
  • Ubuntu Ubuntu Linux 8.04 LTS Amd64
  • Ubuntu Ubuntu Linux 8.04 LTS I386
  • Ubuntu Ubuntu Linux 8.04 LTS Lpia
  • Ubuntu Ubuntu Linux 8.04 LTS Powerpc
  • Ubuntu Ubuntu Linux 8.04 LTS Sparc
  • Ubuntu Ubuntu Linux 8.10 Amd64
  • Ubuntu Ubuntu Linux 8.10 I386
  • Ubuntu Ubuntu Linux 8.10 Lpia
  • Ubuntu Ubuntu Linux 8.10 Powerpc
  • Ubuntu Ubuntu Linux 8.10 Sparc

References

  • BugTraq: 32281
  • CVE: CVE-2008-5021

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out