Signature Detail
Short Name |
HTTP:STC:MOZILLA:XBL-TAG-RM |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Mozilla Firefox XBL Event Handler Tags Removal Memory Corruption |
Release Date |
2010/10/18 |
Update Number |
1794 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Mozilla Firefox XBL Event Handler Tags Removal Memory Corruption
There exists a memory corruption vulnerability in Mozilla Foundation's family of browser products. The flaw exists in the XBL (Extensible Binding Language) component and specifically happens via dynamic manipulation of XUL Tags inside Event Handlers. A remote attacker can exploit this vulnerability to execute arbitrary code in the security context of the target browser. An attack targeting this vulnerability can result in the injection and execution of arbitrary code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any injected code will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Firefox may terminate abnormally.
Extended Description
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.7 and prior versions. These vulnerabilities allow attackers to: - Execute arbitrary code due to memory corruption. - Carry out content spoofing and phishing attacks. - Gain unauthorized access to files on a user's computer running the Linux operating system. - Execute script code with elevated privileges. Other attacks may also be possible. These issues are present in Firefox 2.0.0.7 and prior versions. Mozilla Thunderbird 2.0.0.7 and prior versions as well as SeaMonkey 1.1.4 and prior versions are also affected by many of these vulnerabilities.
Affected Products
- Avaya Intuity AUDIX LX 2.0
- Avaya Message Networking 3.1
- Avaya Message Networking MN 3.1
- Avaya Messaging Storage Server 3.1
- Avaya Messaging Storage Server MM3.0
- Debian Iceape 1.0.10
- Debian Iceape 1.0.11
- Debian Iceape 1.1.1
- Debian Iceweasel
- Debian Linux 4.0
- Debian Linux 4.0 Alpha
- Debian Linux 4.0 Amd64
- Debian Linux 4.0 Arm
- Debian Linux 4.0 Hppa
- Debian Linux 4.0 Ia-32
- Debian Linux 4.0 Ia-64
- Debian Linux 4.0 M68k
- Debian Linux 4.0 Mips
- Debian Linux 4.0 Mipsel
- Debian Linux 4.0 Powerpc
- Debian Linux 4.0 S/390
- Debian Linux 4.0 Sparc
- Foresight Linux 1.1
- Gentoo Linux
- HP HP-UX B.11.11
- HP HP-UX B.11.23
- HP HP-UX B.11.31
- Mandriva Corporate Server 3.0.0
- Mandriva Corporate Server 3.0.0 X86 64
- Mandriva Corporate Server 4.0
- Mandriva Corporate Server 4.0.0 X86 64
- Mandriva Linux Mandrake 2007.1
- Mandriva Linux Mandrake 2007.1 X86 64
- Mandriva Linux Mandrake 2008.0
- Mandriva Linux Mandrake 2008.0 X86 64
- Mozilla Camino 1.0
- Mozilla Camino 1.0.1
- Mozilla Camino 1.0.2
- Mozilla Camino 1.0.3
- Mozilla Camino 1.5
- Mozilla Camino 1.5.1
- Mozilla Firefox 2.0
- Mozilla Firefox 2.0.0.1
- Mozilla Firefox 2.0.0.2
- Mozilla Firefox 2.0.0.3
- Mozilla Firefox 2.0.0.4
- Mozilla Firefox 2.0.0.5
- Mozilla Firefox 2.0.0.6
- Mozilla Firefox 2.0.0.7
- Mozilla Firefox 2.0 Beta 1
- Mozilla Firefox 2.0 RC2
- Mozilla Firefox 2.0 RC3
- Mozilla SeaMonkey 1.1.1
- Mozilla SeaMonkey 1.1.2
- Mozilla SeaMonkey 1.1.3
- Mozilla SeaMonkey 1.1.4
- Mozilla SeaMonkey 1.1 Beta
- Mozilla Thunderbird 2.0.0.4
- Mozilla Thunderbird 2.0.0.5
- Mozilla Thunderbird 2.0.0.6
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0
- Red Hat Desktop 3.0.0
- Red Hat Desktop 4.0.0
- Red Hat Enterprise Linux 5 Server
- Red Hat Enterprise Linux Desktop Version 4
- Red Hat Enterprise Linux AS 2.1
- Red Hat Enterprise Linux AS 3
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux Desktop 5 Client
- Red Hat Enterprise Linux Desktop Workstation 5 Client
- Red Hat Enterprise Linux ES 2.1
- Red Hat Enterprise Linux ES 3
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux Optional Productivity Application 5 Server
- Red Hat Enterprise Linux WS 2.1
- Red Hat Enterprise Linux WS 3
- Red Hat Enterprise Linux WS 4
- Red Hat Fedora 7
- Red Hat Fedora Core6
- rPath rPath Linux 1
- Slackware Linux 10.2.0
- Slackware Linux 11.0
- Slackware Linux 12.0
- Slackware Linux -Current
- Sun Solaris 10 Sparc
- Sun Solaris 10 X86
- SuSE Linux 10.0 Ppc
- SuSE Linux 10.0 X86
- SuSE Linux 10.0 X86-64
- SuSE Linux 10.1 Ppc
- SuSE Linux 10.1 X86
- SuSE Linux 10.1 X86-64
- SuSE Linux Personal 10.0.0 OSS
- SuSE Linux Personal 10.1
- SuSE Linux Personal 10.2
- SuSE Linux Personal 10.2 X86 64
- SuSE Linux Professional 10.0.0
- SuSE Linux Professional 10.0.0 OSS
- SuSE Linux Professional 10.1
- SuSE Linux Professional 10.2
- SuSE Linux Professional 10.2 X86 64
- SuSE Novell Linux Desktop 9.0.0
- SuSE Novell Linux POS 9
- SuSE Open-Enterprise-Server
- SuSE openSUSE 10.2
- SuSE openSUSE 10.3
- SuSE SUSE Linux Enterprise Desktop 10 SP1
- SuSE SUSE Linux Enterprise Server 10 SP1
- SuSE SUSE Linux Enterprise Server 8
- SuSE SUSE Linux Enterprise Server 9
- SuSE SuSE Linux Openexchange Server 4.0.0
- SuSE SUSE LINUX Retail Solution 8.0.0
- SuSE SuSE Linux School Server for i386
- SuSE SuSE Linux Standard Server 8.0.0
- SuSE UnitedLinux 1.0.0
- Ubuntu Ubuntu Linux 6.06 LTS Amd64
- Ubuntu Ubuntu Linux 6.06 LTS I386
- Ubuntu Ubuntu Linux 6.06 LTS Powerpc
- Ubuntu Ubuntu Linux 6.06 LTS Sparc
- Ubuntu Ubuntu Linux 6.10 Amd64
- Ubuntu Ubuntu Linux 6.10 I386
- Ubuntu Ubuntu Linux 6.10 Powerpc
- Ubuntu Ubuntu Linux 6.10 Sparc
- Ubuntu Ubuntu Linux 7.04 Amd64
- Ubuntu Ubuntu Linux 7.04 I386
- Ubuntu Ubuntu Linux 7.04 Powerpc
- Ubuntu Ubuntu Linux 7.04 Sparc
- Ubuntu Ubuntu Linux 7.10 Amd64
- Ubuntu Ubuntu Linux 7.10 I386
- Ubuntu Ubuntu Linux 7.10 Powerpc
- Ubuntu Ubuntu Linux 7.10 Sparc
- Warpzilla Enhanced Gecko 1.8.1.7
References
- BugTraq: 26132
- CVE: CVE-2007-5339