Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:MOZILLA:MCHANNEL-UAF

Severity

 Medium

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Mozilla Firefox OBJECT mChannel Use After Free

Release Date

 2011/08/17

Update Number

 1975

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Mozilla Firefox OBJECT mChannel Use After Free


This signature detects attempts to exploit a known vulnerability against Mozilla Firefox. It is due to a specific method call on an object with an unassigned mChannel, resulting in a dangling pointer. A remote attacker could exploit this vulnerability by enticing a user to visit a malicious web page. A successful attack would result in execution of arbitrary code in the security context of the browser's user.

Extended Description

Mozilla Firefox and SeaMonkey are prone to a memory-corruption vulnerability that may allow remote code execution. An attacker can exploit this issue by enticing an unsuspecting user into viewing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. This issue is fixed in: Firefox 3.6.17 Firefox 3.5.19 SeaMonkey 2.0.14 NOTE: This issue was previously discussed in BID 47635 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-12 through -18 Multiple Vulnerabilities) but has been moved to its own record to better document it.

Affected Products

  • Avaya Aura Presence Services 6.0
  • Avaya Aura Presence Services 6.1
  • Avaya Aura Session Manager 1.1
  • Avaya Aura Session Manager 5.2
  • Avaya Aura Session Manager 6.0
  • Avaya Aura Session Manager 6.1
  • Avaya Aura Session Manager 6.1 Sp1
  • Avaya Aura Session Manager 6.1 SP2
  • Avaya Aura System Manager 5.2
  • Avaya Aura System Manager 6.0
  • Avaya Aura System Manager 6.0 SP1
  • Avaya Aura System Manager 6.1
  • Avaya Aura System Manager 6.1.1
  • Avaya Aura System Manager 6.1 Sp1
  • Avaya Aura System Manager 6.1 SP2
  • Avaya IQ 5
  • Avaya IQ 5.1
  • Avaya IQ 5.2
  • Avaya Message Networking 3.1
  • Avaya Message Networking 5.2
  • Avaya Message Networking 5.2.1
  • Avaya Message Networking 5.2.2
  • Avaya Message Networking 5.2 SP1
  • Avaya Messaging Storage Server 4.0
  • Avaya Messaging Storage Server 5.0
  • Avaya Messaging Storage Server 5.1
  • Avaya Messaging Storage Server 5.1 SP1
  • Avaya Messaging Storage Server 5.1 SP2
  • Avaya Messaging Storage Server 5.2
  • Avaya Messaging Storage Server 5.2.2
  • Avaya Messaging Storage Server 5.2.8
  • Avaya Messaging Storage Server 5.2 SP1
  • Avaya Messaging Storage Server 5.2 SP2
  • Avaya Messaging Storage Server 5.2 SP3
  • Debian Linux 5.0
  • Debian Linux 5.0 Alpha
  • Debian Linux 5.0 Amd64
  • Debian Linux 5.0 Arm
  • Debian Linux 5.0 Armel
  • Debian Linux 5.0 Hppa
  • Debian Linux 5.0 Ia-32
  • Debian Linux 5.0 Ia-64
  • Debian Linux 5.0 M68k
  • Debian Linux 5.0 Mips
  • Debian Linux 5.0 Mipsel
  • Debian Linux 5.0 Powerpc
  • Debian Linux 5.0 S/390
  • Debian Linux 5.0 Sparc
  • Mandriva Enterprise Server 5
  • Mandriva Enterprise Server 5 X86 64
  • Mandriva Linux Mandrake 2009.0
  • Mandriva Linux Mandrake 2009.0 X86 64
  • Mandriva Linux Mandrake 2010.0
  • Mandriva Linux Mandrake 2010.0 X86 64
  • Mandriva Linux Mandrake 2010.1
  • Mandriva Linux Mandrake 2010.1 X86 64
  • Mozilla Firefox 3.5.0
  • Mozilla Firefox 3.5.1
  • Mozilla Firefox 3.5.10
  • Mozilla Firefox 3.5.10
  • Mozilla Firefox 3.5.11
  • Mozilla Firefox 3.5.12
  • Mozilla Firefox 3.5.13
  • Mozilla Firefox 3.5.14
  • Mozilla Firefox 3.5.14
  • Mozilla Firefox 3.5.15
  • Mozilla Firefox 3.5.16
  • Mozilla Firefox 3.5.17
  • Mozilla Firefox 3.5.18
  • Mozilla Firefox 3.5.2
  • Mozilla Firefox 3.5.3
  • Mozilla Firefox 3.5.4
  • Mozilla Firefox 3.5.5
  • Mozilla Firefox 3.5.6
  • Mozilla Firefox 3.5.7
  • Mozilla Firefox 3.5.8
  • Mozilla Firefox 3.5.9
  • Mozilla Firefox 3.5.9
  • Mozilla Firefox 3.6
  • Mozilla Firefox 3.6.10
  • Mozilla Firefox 3.6.11
  • Mozilla Firefox 3.6.12
  • Mozilla Firefox 3.6.13
  • Mozilla Firefox 3.6.13
  • Mozilla Firefox 3.6.14
  • Mozilla Firefox 3.6.15
  • Mozilla Firefox 3.6.16
  • Mozilla Firefox 3.6.2
  • Mozilla Firefox 3.6.2
  • Mozilla Firefox 3.6.3
  • Mozilla Firefox 3.6.4
  • Mozilla Firefox 3.6.5
  • Mozilla Firefox 3.6.6
  • Mozilla Firefox 3.6.6
  • Mozilla Firefox 3.6.7
  • Mozilla Firefox 3.6.8
  • Mozilla Firefox 3.6.9
  • Mozilla Firefox 3.6 Beta 2
  • Mozilla Firefox 3.6 Beta 3
  • Mozilla Firefox 4.0 Beta1
  • Mozilla Firefox 4.0 Beta1
  • Mozilla Firefox 4.0 Beta2
  • Mozilla SeaMonkey 2.0
  • Mozilla SeaMonkey 2.0.1
  • Mozilla SeaMonkey 2.0.10
  • Mozilla SeaMonkey 2.0.11
  • Mozilla SeaMonkey 2.0.11
  • Mozilla SeaMonkey 2.0.12
  • Mozilla SeaMonkey 2.0.13
  • Mozilla SeaMonkey 2.0.2
  • Mozilla SeaMonkey 2.0.3
  • Mozilla SeaMonkey 2.0.4
  • Mozilla SeaMonkey 2.0.4
  • Mozilla SeaMonkey 2.0.5
  • Mozilla SeaMonkey 2.0.5
  • Mozilla SeaMonkey 2.0.6
  • Mozilla SeaMonkey 2.0.7
  • Mozilla SeaMonkey 2.0.8
  • Mozilla SeaMonkey 2.0.9
  • Mozilla SeaMonkey 2.0.9
  • Mozilla SeaMonkey 2.0 Alpha 1
  • Mozilla SeaMonkey 2.0 Alpha 2
  • Mozilla SeaMonkey 2.0 Alpha 3
  • Mozilla SeaMonkey 2.0 Beta 1
  • Mozilla SeaMonkey 2.0 Beta 2
  • Mozilla SeaMonkey 2.0 Rc1
  • Mozilla SeaMonkey 2.0 Rc2
  • Red Hat Enterprise Linux 5 Server
  • Red Hat Enterprise Linux Desktop Version 4
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux Desktop 5 Client
  • Red Hat Enterprise Linux Desktop 6
  • Red Hat Enterprise Linux Desktop Optional 6
  • Red Hat Enterprise Linux Desktop Workstation 5 Client
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux HPC Node Optional 6
  • Red Hat Enterprise Linux Server 6
  • Red Hat Enterprise Linux Server Optional 6
  • Red Hat Enterprise Linux Workstation 6
  • Red Hat Enterprise Linux Workstation Optional 6
  • Red Hat Enterprise Linux WS 4
  • Red Hat Fedora 13
  • Red Hat Fedora 14
  • Red Hat Fedora 15
  • Slackware Linux 12.2
  • Slackware Linux 13.0
  • Slackware Linux 13.0 X86 64
  • Slackware Linux 13.1
  • Slackware Linux 13.1 X86 64
  • Slackware Linux 13.37
  • Slackware Linux 13.37 x86_64
  • Slackware Linux -Current
  • Slackware Linux X86 64 -Current
  • SuSE openSUSE 11.2
  • SuSE openSUSE 11.3
  • SuSE openSUSE 11.4
  • SuSE SUSE Linux Enterprise Desktop 10 SP4
  • SuSE SUSE Linux Enterprise Desktop 11 SP1
  • SuSE SUSE Linux Enterprise SDK 10 SP4
  • SuSE SUSE Linux Enterprise SDK 11 SP1
  • SuSE SUSE Linux Enterprise Server 10 SP3
  • SuSE SUSE Linux Enterprise Server 10 SP4
  • SuSE SUSE Linux Enterprise Server 11 SP1
  • Ubuntu Ubuntu Linux 10.04 Amd64
  • Ubuntu Ubuntu Linux 10.04 ARM
  • Ubuntu Ubuntu Linux 10.04 I386
  • Ubuntu Ubuntu Linux 10.04 Powerpc
  • Ubuntu Ubuntu Linux 10.04 Sparc
  • Ubuntu Ubuntu Linux 10.10 amd64
  • Ubuntu Ubuntu Linux 10.10 ARM
  • Ubuntu Ubuntu Linux 10.10 i386
  • Ubuntu Ubuntu Linux 10.10 powerpc
  • Ubuntu Ubuntu Linux 11.04 amd64
  • Ubuntu Ubuntu Linux 11.04 ARM
  • Ubuntu Ubuntu Linux 11.04 i386
  • Ubuntu Ubuntu Linux 11.04 powerpc
  • Ubuntu Ubuntu Linux 8.04 LTS Amd64
  • Ubuntu Ubuntu Linux 8.04 LTS I386
  • Ubuntu Ubuntu Linux 8.04 LTS Lpia
  • Ubuntu Ubuntu Linux 8.04 LTS Powerpc
  • Ubuntu Ubuntu Linux 8.04 LTS Sparc
  • Ubuntu Ubuntu Linux 9.10 Amd64
  • Ubuntu Ubuntu Linux 9.10 ARM
  • Ubuntu Ubuntu Linux 9.10 I386
  • Ubuntu Ubuntu Linux 9.10 Lpia
  • Ubuntu Ubuntu Linux 9.10 Powerpc
  • Ubuntu Ubuntu Linux 9.10 Sparc

References

  • BugTraq: 47659
  • CVE: CVE-2011-0065

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out