Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:MOZILLA:NAV-OBJ-EXEC

Severity

 Medium

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Firefox Navigator Object Code Execution

Release Date

 2009/09/11

Update Number

 1504

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Firefox Navigator Object Code Execution


This signature detects attempts to exploit a known vulnerability against Mozilla Firefox. A successful attack can lead to arbitrary code execution.

Extended Description

Mozilla Firefox is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input before using it to create new JavaScript objects. Successful exploits may allow an attacker to crash the application or execute arbitrary machine code in the context of the affected application. This issue was previously discussed in BID 19181 (Mozilla Multiple Products Remote Vulnerabilities). It has been assigned a separate BID because new information has become available.

Affected Products

  • Flock 0.7.3 2
  • Gentoo Linux
  • HP HP-UX B.11.11
  • HP HP-UX B.11.23
  • HP HP-UX B.11.31
  • K-Meleon 1.0
  • Mandriva Linux Mandrake 2006.0.0
  • Mandriva Linux Mandrake 2006.0.0 X86 64
  • Mozilla Camino 0.7.0 .0
  • Mozilla Camino 0.8.0
  • Mozilla Camino 0.8.3
  • Mozilla Camino 0.8.4
  • Mozilla Camino 1.0
  • Mozilla Camino 1.0.1
  • Mozilla Camino 1.0.2
  • Mozilla Firefox 1.5.0
  • Mozilla Firefox 1.5.0.1
  • Mozilla Firefox 1.5.0.2
  • Mozilla Firefox 1.5.0.3
  • Mozilla Firefox 1.5.0.4
  • Mozilla Firefox 1.5.0 Beta 1
  • Mozilla Firefox 1.5.0 Beta 2
  • Mozilla SeaMonkey 1.0
  • Mozilla SeaMonkey 1.0.1
  • Mozilla SeaMonkey 1.0.2
  • Mozilla SeaMonkey 1.0 Dev
  • Netscape Browser 8.1
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
  • Red Hat Desktop 3.0.0
  • Red Hat Desktop 4.0.0
  • Red Hat Enterprise Linux AS 2.1
  • Red Hat Enterprise Linux AS 2.1 IA64
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux ES 2.1
  • Red Hat Enterprise Linux ES 2.1 IA64
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux WS 2.1
  • Red Hat Enterprise Linux WS 2.1 IA64
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • rPath rPath Linux 1
  • Slackware Linux 10.2.0
  • Slackware Linux -Current
  • Ubuntu Ubuntu Linux 5.10.0 Amd64
  • Ubuntu Ubuntu Linux 5.10.0 I386
  • Ubuntu Ubuntu Linux 5.10.0 Powerpc
  • Ubuntu Ubuntu Linux 5.10.0 Sparc
  • Ubuntu Ubuntu Linux 6.06 LTS Amd64
  • Ubuntu Ubuntu Linux 6.06 LTS I386
  • Ubuntu Ubuntu Linux 6.06 LTS Powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS Sparc

References

  • BugTraq: 19192
  • CVE: CVE-2006-3677
  • URL: http://browserfun.blogspot.com/2006/07/mobb-28-mozilla-navigator-object.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out