Signature Detail

HTTP: Mozilla Firefox XUL NULL Menu Denial of Service

This signature detects attempts to exploit a known vulnerability against Mozilla Firefox. A successful attack can result in a denial-of-service condition.

Extended Description

The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird. These vulnerabilities allow attackers to: - Execute arbitrary code - Cause denial-of-service conditions - Perform cross-site scripting attacks - Obtain potentially sensitive information - Spoof legitimate content Other attacks may also be possible. UPDATE: Firefox 2.0.0.10 is still vulnerable to the issue outlined in MFSA 2007-02. Pages followed through 'href' links and embedded iframes inherit the character set of parent pages when a user has manually set the browser charset.

Affected Products

• Avaya Interactive Response 2.0
• Avaya Messaging Storage Server 1.0
• Avaya Messaging Storage Server 2.0
• Avaya Messaging Storage Server MM3.0
• Avaya Messaging Storage Server
• Debian Linux 3.1.0
• Debian Linux 3.1.0 Alpha
• Debian Linux 3.1.0 Amd64
• Debian Linux 3.1.0 Arm
• Debian Linux 3.1.0 Hppa
• Debian Linux 3.1.0 Ia-32
• Debian Linux 3.1.0 Ia-64
• Debian Linux 3.1.0 M68k
• Debian Linux 3.1.0 Mips
• Debian Linux 3.1.0 Mipsel
• Debian Linux 3.1.0 Ppc
• Debian Linux 3.1.0 S/390
• Debian Linux 3.1.0 Sparc
• Gentoo Linux
• HP HP-UX B.11.11
• HP HP-UX B.11.23
• Mandriva Corporate Server 3.0.0
• Mandriva Corporate Server 3.0.0 X86 64
• Mandriva Corporate Server 4.0
• Mandriva Corporate Server 4.0.0 X86 64
• Mandriva Linux Mandrake 2007.0
• Mandriva Linux Mandrake 2007.0 X86 64
• Mozilla Camino 0.7.0 .0
• Mozilla Camino 0.8.0
• Mozilla Camino 0.8.3
• Mozilla Camino 0.8.4
• Mozilla Camino 1.0
• Mozilla Camino 1.0.1
• Mozilla Camino 1.0.2
• Mozilla Camino 1.0.3
• Mozilla Camino 1.5
• Mozilla Firefox 0.10.0
• Mozilla Firefox 0.10.1
• Mozilla Firefox 0.8.0
• Mozilla Firefox 0.9.0
• Mozilla Firefox 0.9.0 Rc
• Mozilla Firefox 0.9.1
• Mozilla Firefox 0.9.2
• Mozilla Firefox 0.9.3
• Mozilla Firefox 1.0.0
• Mozilla Firefox 1.0.1
• Mozilla Firefox 1.0.2
• Mozilla Firefox 1.0.3
• Mozilla Firefox 1.0.4
• Mozilla Firefox 1.0.5
• Mozilla Firefox 1.0.6
• Mozilla Firefox 1.0.7
• Mozilla Firefox 1.0.8
• Mozilla Firefox 1.5.0
• Mozilla Firefox 1.5.0.1
• Mozilla Firefox 1.5.0.2
• Mozilla Firefox 1.5.0.3
• Mozilla Firefox 1.5.0.4
• Mozilla Firefox 1.5.0.5
• Mozilla Firefox 1.5.0.6
• Mozilla Firefox 1.5.0.7
• Mozilla Firefox 1.5.0.8
• Mozilla Firefox 1.5.0.9
• Mozilla Firefox 1.5.0 Beta 1
• Mozilla Firefox 1.5.0 Beta 2
• Mozilla Firefox 2.0
• Mozilla Firefox 2.0.0.1
• Mozilla Firefox 2.0.0.10
• Mozilla Firefox 2.0 Beta 1
• Mozilla Firefox 2.0 RC2
• Mozilla Firefox 2.0 RC3
• Mozilla SeaMonkey 1.0
• Mozilla SeaMonkey 1.0.1
• Mozilla SeaMonkey 1.0.2
• Mozilla SeaMonkey 1.0.3
• Mozilla SeaMonkey 1.0.5
• Mozilla SeaMonkey 1.0.6
• Mozilla SeaMonkey 1.0.7
• Mozilla SeaMonkey 1.0.99
• Mozilla SeaMonkey 1.0 Dev
• Mozilla Thunderbird 0.6.0
• Mozilla Thunderbird 0.7.0
• Mozilla Thunderbird 0.7.1
• Mozilla Thunderbird 0.7.2
• Mozilla Thunderbird 0.7.3
• Mozilla Thunderbird 0.8.0
• Mozilla Thunderbird 0.9.0
• Mozilla Thunderbird 1.0.0
• Mozilla Thunderbird 1.0.1
• Mozilla Thunderbird 1.0.2
• Mozilla Thunderbird 1.0.5
• Mozilla Thunderbird 1.0.6
• Mozilla Thunderbird 1.0.7
• Mozilla Thunderbird 1.0.8
• Mozilla Thunderbird 1.5.0
• Mozilla Thunderbird 1.5.0.1
• Mozilla Thunderbird 1.5.0.2
• Mozilla Thunderbird 1.5.0.4
• Mozilla Thunderbird 1.5.0.5
• Mozilla Thunderbird 1.5.0.7
• Mozilla Thunderbird 1.5.0.8
• Mozilla Thunderbird 1.5.0.9
• Mozilla Thunderbird 1.5.0 Beta 2
• Novell Linux Desktop 9
• Pardus Linux 2007.1
• Red Hat Desktop 4.0.0
• Red Hat Enterprise Linux 5 Server
• Red Hat Enterprise Linux AS 4
• Red Hat Enterprise Linux Desktop 5 Client
• Red Hat Enterprise Linux Desktop Workstation 5 Client
• Red Hat Enterprise Linux ES 4
• Red Hat Enterprise Linux Optional Productivity Application 5 Server
• Red Hat Enterprise Linux WS 4
• Red Hat Fedora Core5
• Red Hat Fedora Core6
• rPath rPath Linux 1
• SGI ProPack 3.0.0 SP6
• Slackware Linux 10.2.0
• Slackware Linux 11.0
• Sun Java Enterprise System 2003Q4
• Sun Java Enterprise System 2004Q2
• Sun Java Enterprise System 2005Q1
• Sun Java Enterprise System 2005Q4
• Sun Java Enterprise System 5
• Sun Java System Application Server Enterprise Edition 8.1.0 2005Q1RHEL2.1/RHEL3
• Sun Java System Application Server Platform Edition 8.1.0 2005 Q1
• Sun Java System Web Server 6.1
• Sun Java System Web Server 7.0
• Sun Java Web Proxy Server 4.0
• Sun Solaris 10 Sparc
• Sun Solaris 10 X86
• Sun Solaris 9 Sparc
• Sun Solaris 9 X86
• SuSE Linux 10.0
• SuSE Linux 10.1
• SuSE Linux 9.3
• SuSE Novell Linux POS 9
• SuSE Open-Enterprise-Server
• SuSE openSUSE 10.2
• SuSE SUSE Linux Enterprise Desktop 10
• SuSE SUSE Linux Enterprise Server 10
• SuSE SUSE Linux Enterprise Server 8
• SuSE SUSE Linux Enterprise Server 9 SP3
• SuSE SuSE Linux Openexchange Server 4.0.0
• SuSE SUSE LINUX Retail Solution 8.0.0
• SuSE SuSE Linux School Server for i386
• SuSE SuSE Linux Standard Server 8.0.0
• SuSE UnitedLinux 1.0.0
• Turbolinux FUJI
• Turbolinux Home
• Turbolinux Multimedia
• Turbolinux Personal
• Turbolinux 10 F...
• Turbolinux FUJI
• Turbolinux Turbolinux Desktop 10.0.0
• Turbolinux Turbolinux Server 10.0.0
• Turbolinux Turbolinux Server 10.0.0 X64
• Turbolinux Turbolinux Server 10.0.0 X86
• Turbolinux wizpy
• Ubuntu Ubuntu Linux 5.10.0 Amd64
• Ubuntu Ubuntu Linux 5.10.0 I386
• Ubuntu Ubuntu Linux 5.10.0 Powerpc
• Ubuntu Ubuntu Linux 5.10.0 Sparc
• Ubuntu Ubuntu Linux 6.06 LTS Amd64
• Ubuntu Ubuntu Linux 6.06 LTS I386
• Ubuntu Ubuntu Linux 6.06 LTS Powerpc
• Ubuntu Ubuntu Linux 6.06 LTS Sparc
• Ubuntu Ubuntu Linux 6.10 Amd64
• Ubuntu Ubuntu Linux 6.10 I386
• Ubuntu Ubuntu Linux 6.10 Powerpc
• Ubuntu Ubuntu Linux 6.10 Sparc

References

• BugTraq: 22694
• CVE: CVE-2007-0775