Signature Detail
Short Name |
HTTP:STC:MOZILLA:FIREFOX-NSTREE |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Mozilla Firefox nsTreeRange Use After Free Remote Code Execution |
Release Date |
2011/08/25 |
Update Number |
1980 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Mozilla Firefox nsTreeRange Use After Free Remote Code Execution
A use-after-free vulnerability exists in Mozilla Firefox. The vulnerability is due to a flaw in the code that handles user-defined functions of an nsTreeSelection element, which allows freeing an object and operating on it afterwards. A remote attacker could exploit this vulnerability by enticing a user to visit a malicious web page. A successful attack would result in execution of arbitrary code in the security context of the user running the browser. If the attack fails, the software may terminate abnormally.
Extended Description
Mozilla Firefox and SeaMonkey are prone to a remote code-execution vulnerability because of a dangling-pointer issue. An attacker can exploit this issue by enticing an unsuspecting user into viewing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. This issue is fixed in: Firefox 3.6.17 Firefox 3.5.19 SeaMonkey 2.0.14 NOTE: This issue was previously discussed in BID 47635 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-12 through -18 Multiple Vulnerabilities) but has been moved to its own record to better document it.
Affected Products
- Avaya Aura Presence Services 6.0
- Avaya Aura Presence Services 6.1
- Avaya Aura Session Manager 1.1
- Avaya Aura Session Manager 5.2
- Avaya Aura Session Manager 6.0
- Avaya Aura Session Manager 6.1
- Avaya Aura Session Manager 6.1 Sp1
- Avaya Aura Session Manager 6.1 SP2
- Avaya Aura System Manager 5.2
- Avaya Aura System Manager 6.0
- Avaya Aura System Manager 6.0 SP1
- Avaya Aura System Manager 6.1
- Avaya Aura System Manager 6.1.1
- Avaya Aura System Manager 6.1 Sp1
- Avaya Aura System Manager 6.1 SP2
- Avaya IQ 5
- Avaya IQ 5.1
- Avaya IQ 5.2
- Avaya Message Networking 3.1
- Avaya Message Networking 5.2
- Avaya Message Networking 5.2.1
- Avaya Message Networking 5.2.2
- Avaya Message Networking 5.2 SP1
- Avaya Messaging Storage Server 4.0
- Avaya Messaging Storage Server 5.0
- Avaya Messaging Storage Server 5.1
- Avaya Messaging Storage Server 5.1 SP1
- Avaya Messaging Storage Server 5.1 SP2
- Avaya Messaging Storage Server 5.2
- Avaya Messaging Storage Server 5.2.2
- Avaya Messaging Storage Server 5.2.8
- Avaya Messaging Storage Server 5.2 SP1
- Avaya Messaging Storage Server 5.2 SP2
- Avaya Messaging Storage Server 5.2 SP3
- Debian Linux 5.0
- Debian Linux 5.0 Alpha
- Debian Linux 5.0 Amd64
- Debian Linux 5.0 Arm
- Debian Linux 5.0 Armel
- Debian Linux 5.0 Hppa
- Debian Linux 5.0 Ia-32
- Debian Linux 5.0 Ia-64
- Debian Linux 5.0 M68k
- Debian Linux 5.0 Mips
- Debian Linux 5.0 Mipsel
- Debian Linux 5.0 Powerpc
- Debian Linux 5.0 S/390
- Debian Linux 5.0 Sparc
- Mandriva Enterprise Server 5
- Mandriva Enterprise Server 5 X86 64
- Mandriva Linux Mandrake 2009.0
- Mandriva Linux Mandrake 2009.0 X86 64
- Mandriva Linux Mandrake 2010.0
- Mandriva Linux Mandrake 2010.0 X86 64
- Mandriva Linux Mandrake 2010.1
- Mandriva Linux Mandrake 2010.1 X86 64
- Mozilla Firefox 3.5.0
- Mozilla Firefox 3.5.1
- Mozilla Firefox 3.5.10
- Mozilla Firefox 3.5.10
- Mozilla Firefox 3.5.11
- Mozilla Firefox 3.5.12
- Mozilla Firefox 3.5.13
- Mozilla Firefox 3.5.14
- Mozilla Firefox 3.5.14
- Mozilla Firefox 3.5.15
- Mozilla Firefox 3.5.16
- Mozilla Firefox 3.5.17
- Mozilla Firefox 3.5.18
- Mozilla Firefox 3.5.2
- Mozilla Firefox 3.5.3
- Mozilla Firefox 3.5.4
- Mozilla Firefox 3.5.5
- Mozilla Firefox 3.5.6
- Mozilla Firefox 3.5.7
- Mozilla Firefox 3.5.8
- Mozilla Firefox 3.5.9
- Mozilla Firefox 3.5.9
- Mozilla Firefox 3.6
- Mozilla Firefox 3.6.10
- Mozilla Firefox 3.6.11
- Mozilla Firefox 3.6.12
- Mozilla Firefox 3.6.13
- Mozilla Firefox 3.6.13
- Mozilla Firefox 3.6.14
- Mozilla Firefox 3.6.15
- Mozilla Firefox 3.6.16
- Mozilla Firefox 3.6.2
- Mozilla Firefox 3.6.2
- Mozilla Firefox 3.6.3
- Mozilla Firefox 3.6.4
- Mozilla Firefox 3.6.5
- Mozilla Firefox 3.6.6
- Mozilla Firefox 3.6.6
- Mozilla Firefox 3.6.7
- Mozilla Firefox 3.6.8
- Mozilla Firefox 3.6.9
- Mozilla Firefox 3.6 Beta 2
- Mozilla Firefox 3.6 Beta 3
- Mozilla Firefox 4.0 Beta1
- Mozilla Firefox 4.0 Beta1
- Mozilla Firefox 4.0 Beta2
- Mozilla SeaMonkey 2.0
- Mozilla SeaMonkey 2.0.1
- Mozilla SeaMonkey 2.0.10
- Mozilla SeaMonkey 2.0.11
- Mozilla SeaMonkey 2.0.11
- Mozilla SeaMonkey 2.0.12
- Mozilla SeaMonkey 2.0.13
- Mozilla SeaMonkey 2.0.2
- Mozilla SeaMonkey 2.0.3
- Mozilla SeaMonkey 2.0.4
- Mozilla SeaMonkey 2.0.4
- Mozilla SeaMonkey 2.0.5
- Mozilla SeaMonkey 2.0.5
- Mozilla SeaMonkey 2.0.6
- Mozilla SeaMonkey 2.0.7
- Mozilla SeaMonkey 2.0.8
- Mozilla SeaMonkey 2.0.9
- Mozilla SeaMonkey 2.0.9
- Mozilla SeaMonkey 2.0 Alpha 1
- Mozilla SeaMonkey 2.0 Alpha 2
- Mozilla SeaMonkey 2.0 Alpha 3
- Mozilla SeaMonkey 2.0 Beta 1
- Mozilla SeaMonkey 2.0 Beta 2
- Mozilla SeaMonkey 2.0 Rc1
- Mozilla SeaMonkey 2.0 Rc2
- Red Hat Enterprise Linux 5 Server
- Red Hat Enterprise Linux Desktop Version 4
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux Desktop 5 Client
- Red Hat Enterprise Linux Desktop 6
- Red Hat Enterprise Linux Desktop Optional 6
- Red Hat Enterprise Linux Desktop Workstation 5 Client
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux HPC Node Optional 6
- Red Hat Enterprise Linux Server 6
- Red Hat Enterprise Linux Server Optional 6
- Red Hat Enterprise Linux Workstation 6
- Red Hat Enterprise Linux Workstation Optional 6
- Red Hat Enterprise Linux WS 4
- Red Hat Fedora 13
- Red Hat Fedora 14
- Red Hat Fedora 15
- Slackware Linux 12.2
- Slackware Linux 13.0
- Slackware Linux 13.0 X86 64
- Slackware Linux 13.1
- Slackware Linux 13.1 X86 64
- Slackware Linux 13.37
- Slackware Linux 13.37 x86_64
- Slackware Linux -Current
- Slackware Linux X86 64 -Current
- SuSE openSUSE 11.2
- SuSE openSUSE 11.3
- SuSE openSUSE 11.4
- SuSE SUSE Linux Enterprise Desktop 10 SP4
- SuSE SUSE Linux Enterprise Desktop 11 SP1
- SuSE SUSE Linux Enterprise SDK 10 SP4
- SuSE SUSE Linux Enterprise SDK 11 SP1
- SuSE SUSE Linux Enterprise Server 10 SP3
- SuSE SUSE Linux Enterprise Server 10 SP4
- SuSE SUSE Linux Enterprise Server 11 SP1
- Ubuntu Ubuntu Linux 10.04 Amd64
- Ubuntu Ubuntu Linux 10.04 ARM
- Ubuntu Ubuntu Linux 10.04 I386
- Ubuntu Ubuntu Linux 10.04 Powerpc
- Ubuntu Ubuntu Linux 10.04 Sparc
- Ubuntu Ubuntu Linux 10.10 amd64
- Ubuntu Ubuntu Linux 10.10 ARM
- Ubuntu Ubuntu Linux 10.10 i386
- Ubuntu Ubuntu Linux 10.10 powerpc
- Ubuntu Ubuntu Linux 11.04 amd64
- Ubuntu Ubuntu Linux 11.04 ARM
- Ubuntu Ubuntu Linux 11.04 i386
- Ubuntu Ubuntu Linux 11.04 powerpc
- Ubuntu Ubuntu Linux 8.04 LTS Amd64
- Ubuntu Ubuntu Linux 8.04 LTS I386
- Ubuntu Ubuntu Linux 8.04 LTS Lpia
- Ubuntu Ubuntu Linux 8.04 LTS Powerpc
- Ubuntu Ubuntu Linux 8.04 LTS Sparc
- Ubuntu Ubuntu Linux 9.10 Amd64
- Ubuntu Ubuntu Linux 9.10 ARM
- Ubuntu Ubuntu Linux 9.10 I386
- Ubuntu Ubuntu Linux 9.10 Lpia
- Ubuntu Ubuntu Linux 9.10 Powerpc
- Ubuntu Ubuntu Linux 9.10 Sparc
References