Juniper Networks

Signature Detail

Short Name

HTTP:STC:MOZILLA:REDUCE-RIGHT

Severity

High

Recommended

No

Recommended Action

Drop

Category

HTTP

Keywords

Mozilla Multiple Products Array.reduceRight Integer Overflow

Release Date

2011/07/05

Update Number

1949

Supported Platforms

idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Mozilla Multiple Products Array.reduceRight Integer Overflow


This signature detects attempts to exploit a known vulnerability in multiple Mozilla products. The vulnerability is due to an integer overflow that occurs when the reduceRight() method is called on a JavaScript array with an extremely large length. A successful attack can lead to arbitrary code execution.

Extended Description

Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a remote code-execution vulnerability. The issue occurs when handling a JavaScript array with an extremely large length and can be exploited to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This issue was previously discussed in BID 48354 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-19 through -28 Multiple Vulnerabilities) but has been given its own record to better document it.

Affected Products

  • Avaya Aura Presence Services 6.0
  • Avaya Aura Presence Services 6.1
  • Avaya Aura Session Manager 1.1
  • Avaya Aura Session Manager 5.2
  • Avaya Aura Session Manager 5.2 SP1
  • Avaya Aura Session Manager 5.2 SP2
  • Avaya Aura Session Manager 6.0
  • Avaya Aura Session Manager 6.0 SP1
  • Avaya Aura Session Manager 6.1
  • Avaya Aura Session Manager 6.1 Sp1
  • Avaya Aura Session Manager 6.1 SP2
  • Avaya Aura System Manager 5.2
  • Avaya Aura System Manager 6.0
  • Avaya Aura System Manager 6.0 SP1
  • Avaya Aura System Manager 6.1
  • Avaya Aura System Manager 6.1.1
  • Avaya Aura System Manager 6.1 Sp1
  • Avaya Aura System Manager 6.1 SP2
  • Avaya Interactive Response 4.0
  • Avaya IQ 4.0
  • Avaya IQ 4.1.0
  • Avaya IQ 4.2
  • Avaya IQ 5
  • Avaya IQ 5.1
  • Avaya IQ 5.2
  • Avaya Message Networking 3.1
  • Avaya Message Networking 5.2
  • Avaya Message Networking 5.2.1
  • Avaya Message Networking 5.2.2
  • Avaya Message Networking 5.2 SP1
  • Avaya Messaging Storage Server 4.0
  • Avaya Messaging Storage Server 5.0
  • Avaya Messaging Storage Server 5.1
  • Avaya Messaging Storage Server 5.1 SP1
  • Avaya Messaging Storage Server 5.1 SP2
  • Avaya Messaging Storage Server 5.2
  • Avaya Messaging Storage Server 5.2.2
  • Avaya Messaging Storage Server 5.2.8
  • Avaya Messaging Storage Server 5.2 SP1
  • Avaya Messaging Storage Server 5.2 SP2
  • Avaya Messaging Storage Server 5.2 SP3
  • Debian Linux 6.0 amd64
  • Debian Linux 6.0 arm
  • Debian Linux 6.0 ia-32
  • Debian Linux 6.0 ia-64
  • Debian Linux 6.0 mips
  • Debian Linux 6.0 powerpc
  • Debian Linux 6.0 s/390
  • Debian Linux 6.0 sparc
  • Mandriva Enterprise Server 5
  • Mandriva Enterprise Server 5 X86 64
  • Mandriva Linux Mandrake 2009.0
  • Mandriva Linux Mandrake 2009.0 X86 64
  • Mandriva Linux Mandrake 2010.1
  • Mandriva Linux Mandrake 2010.1 X86 64
  • Mozilla Firefox 3.5.0
  • Mozilla Firefox 3.5.1
  • Mozilla Firefox 3.5.10
  • Mozilla Firefox 3.5.11
  • Mozilla Firefox 3.5.12
  • Mozilla Firefox 3.5.13
  • Mozilla Firefox 3.5.14
  • Mozilla Firefox 3.5.15
  • Mozilla Firefox 3.5.16
  • Mozilla Firefox 3.5.17
  • Mozilla Firefox 3.5.18
  • Mozilla Firefox 3.5.19
  • Mozilla Firefox 3.5.2
  • Mozilla Firefox 3.5.3
  • Mozilla Firefox 3.5.4
  • Mozilla Firefox 3.5.5
  • Mozilla Firefox 3.5.6
  • Mozilla Firefox 3.5.7
  • Mozilla Firefox 3.5.8
  • Mozilla Firefox 3.5.9
  • Mozilla Firefox 3.6
  • Mozilla Firefox 3.6.10
  • Mozilla Firefox 3.6.11
  • Mozilla Firefox 3.6.12
  • Mozilla Firefox 3.6.13
  • Mozilla Firefox 3.6.14
  • Mozilla Firefox 3.6.15
  • Mozilla Firefox 3.6.16
  • Mozilla Firefox 3.6.17
  • Mozilla Firefox 3.6.2
  • Mozilla Firefox 3.6.3
  • Mozilla Firefox 3.6.4
  • Mozilla Firefox 3.6.5
  • Mozilla Firefox 3.6.6
  • Mozilla Firefox 3.6.7
  • Mozilla Firefox 3.6.8
  • Mozilla Firefox 3.6.9
  • Mozilla Firefox 3.6 Beta 2
  • Mozilla Firefox 3.6 Beta 3
  • Mozilla Firefox 4.0
  • Mozilla Firefox 4.0.1
  • Mozilla Firefox 4.0 Beta1
  • Mozilla Firefox 4.0 Beta2
  • Mozilla SeaMonkey 1.5.0.10
  • Mozilla SeaMonkey 1.5.0.8
  • Mozilla SeaMonkey 1.5.0.9
  • Mozilla SeaMonkey 2.0
  • Mozilla SeaMonkey 2.0.1
  • Mozilla SeaMonkey 2.0.10
  • Mozilla SeaMonkey 2.0.11
  • Mozilla SeaMonkey 2.0.12
  • Mozilla SeaMonkey 2.0.13
  • Mozilla SeaMonkey 2.0.14
  • Mozilla SeaMonkey 2.0.2
  • Mozilla SeaMonkey 2.0.3
  • Mozilla SeaMonkey 2.0.4
  • Mozilla SeaMonkey 2.0.5
  • Mozilla SeaMonkey 2.0.6
  • Mozilla SeaMonkey 2.0.7
  • Mozilla SeaMonkey 2.0.8
  • Mozilla SeaMonkey 2.0.9
  • Mozilla SeaMonkey 2.0 Alpha 1
  • Mozilla SeaMonkey 2.0 Alpha 2
  • Mozilla SeaMonkey 2.0 Alpha 3
  • Mozilla SeaMonkey 2.0 Beta 1
  • Mozilla SeaMonkey 2.0 Beta 2
  • Mozilla SeaMonkey 2.0 Rc1
  • Mozilla SeaMonkey 2.0 Rc2
  • Mozilla SeaMonkey 2.1 Alpha1
  • Mozilla SeaMonkey 2.1 Alpha2
  • Mozilla SeaMonkey 2.1 Alpha3
  • Mozilla SeaMonkey 2.1b2
  • Mozilla Thunderbird 2.0
  • Mozilla Thunderbird 2.0.0.0
  • Mozilla Thunderbird 2.0.0.1
  • Mozilla Thunderbird 2.0.0.12
  • Mozilla Thunderbird 2.0.0.13
  • Mozilla Thunderbird 2.0.0.14
  • Mozilla Thunderbird 2.0.0.15
  • Mozilla Thunderbird 2.0.0.16
  • Mozilla Thunderbird 2.0.0.17
  • Mozilla Thunderbird 2.0.0.18
  • Mozilla Thunderbird 2.0.0.19
  • Mozilla Thunderbird 2.0.0.2
  • Mozilla Thunderbird 2.0.0.21
  • Mozilla Thunderbird 2.0.0.22
  • Mozilla Thunderbird 2.0.0.23
  • Mozilla Thunderbird 2.0.0.24
  • Mozilla Thunderbird 2.0.0.3
  • Mozilla Thunderbird 2.0.0.4
  • Mozilla Thunderbird 2.0.0.5
  • Mozilla Thunderbird 2.0.0.6
  • Mozilla Thunderbird 2.0.0.7
  • Mozilla Thunderbird 2.0.0.8
  • Mozilla Thunderbird 2.0.0.9
  • Mozilla Thunderbird 2.0.14
  • Mozilla Thunderbird 3.0
  • Mozilla Thunderbird 3.0.1
  • Mozilla Thunderbird 3.0.10
  • Mozilla Thunderbird 3.0.11
  • Mozilla Thunderbird 3.0.2
  • Mozilla Thunderbird 3.0.3
  • Mozilla Thunderbird 3.0.4
  • Mozilla Thunderbird 3.0.5
  • Mozilla Thunderbird 3.0.6
  • Mozilla Thunderbird 3.0.7
  • Mozilla Thunderbird 3.0.8
  • Mozilla Thunderbird 3.0.9
  • Mozilla Thunderbird 3.1
  • Mozilla Thunderbird 3.1.1
  • Mozilla Thunderbird 3.1.10
  • Mozilla Thunderbird 3.1.2
  • Mozilla Thunderbird 3.1.3
  • Mozilla Thunderbird 3.1.4
  • Mozilla Thunderbird 3.1.5
  • Mozilla Thunderbird 3.1.6
  • Mozilla Thunderbird 3.1.7
  • Mozilla Thunderbird 3.1.8
  • Mozilla Thunderbird 3.1.9
  • Red Hat Enterprise Linux 5 Server
  • Red Hat Enterprise Linux Desktop Version 4
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux Desktop 5 Client
  • Red Hat Enterprise Linux Desktop 6
  • Red Hat Enterprise Linux Desktop Optional 6
  • Red Hat Enterprise Linux Desktop Workstation 5 Client
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux HPC Node Optional 6
  • Red Hat Enterprise Linux Optional Productivity Application 5 Server
  • Red Hat Enterprise Linux Server 6
  • Red Hat Enterprise Linux Server Optional 6
  • Red Hat Enterprise Linux Workstation 6
  • Red Hat Enterprise Linux Workstation Optional 6
  • Red Hat Enterprise Linux WS 4
  • Red Hat Fedora 14
  • Red Hat Fedora 15
  • Slackware Linux 13.0
  • Slackware Linux 13.0 X86 64
  • Slackware Linux 13.1
  • Slackware Linux 13.1 X86 64
  • Slackware Linux 13.37
  • Slackware Linux 13.37 x86_64
  • Slackware Linux -Current
  • Slackware Linux X86 64 -Current
  • Sun Solaris 10 Sparc
  • Sun Solaris 10 X86
  • Sun Solaris 11 Express
  • SuSE openSUSE 11.3
  • SuSE openSUSE 11.4
  • SuSE SUSE Linux Enterprise Desktop 10 SP4
  • SuSE SUSE Linux Enterprise Desktop 11 SP1
  • SuSE SUSE Linux Enterprise SDK 10 SP3
  • SuSE SUSE Linux Enterprise SDK 10 SP4
  • SuSE SUSE Linux Enterprise SDK 11 SP1
  • SuSE SUSE Linux Enterprise Server 10 SP3
  • SuSE SUSE Linux Enterprise Server 10 SP4
  • SuSE SUSE Linux Enterprise Server 11 SP1
  • SuSE SUSE Linux Enterprise Software Development Kit 11 SP1
  • SuSE SUSE Linux Enterprise Teradata 10 SP3
  • Ubuntu Ubuntu Linux 10.04 Amd64
  • Ubuntu Ubuntu Linux 10.04 ARM
  • Ubuntu Ubuntu Linux 10.04 I386
  • Ubuntu Ubuntu Linux 10.04 Powerpc
  • Ubuntu Ubuntu Linux 10.04 Sparc
  • Ubuntu Ubuntu Linux 10.10 amd64
  • Ubuntu Ubuntu Linux 10.10 ARM
  • Ubuntu Ubuntu Linux 10.10 i386
  • Ubuntu Ubuntu Linux 10.10 powerpc
  • Ubuntu Ubuntu Linux 11.04 amd64
  • Ubuntu Ubuntu Linux 11.04 ARM
  • Ubuntu Ubuntu Linux 11.04 i386
  • Ubuntu Ubuntu Linux 11.04 powerpc

References

  • BugTraq: 48372
  • CVE: CVE-2011-2371
