This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a heap overflow vulnerability by checking for malformed regular expression patterns.
The Mozilla Foundation has released six security advisories regarding security vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird. The specific vulnerabilities are as follows:
MFSA2006-57 - Firefox, Thunderbird, and SeaMonkey are prone to multiple buffer overflow vulnerabilities:
- A regular expression ending with a backslash inside an unterminated character set '[\' will lead to a buffer overflow. An attacker may be able to exploit this issue to execute arbitrary code in the context of the affected application.
MFSA2006-58 - Firefox and Thunderbird are prone to a man-in-the-middle attack that could result in affected applications using an attacker-controlled site to retrieve updates. The problem occurs when users accept unverifiable self-signed certificates on 'low value' sites. If an attacker is in a position to spoof the victim's DNS, the attacker can further exploit this issue to cause the auto-update mechanism to retrieve further updates from attacker-controlled sites.
MFSA2006-61 - Firefox and SeaMonkey are prone to a vulnerability that could inject content into a sub-frame of another site. The problem occurs in 'targetWindow.frames[n].document.open()' and can be exploited to inject arbitrary content to aid in phishing attacks; other attacks are also possible.
MFSA2006-62 - Firefox is prone to a cross-site scripting vulnerability. This issue occurs because blocked popups opened from the status bar 'blocked popups' icon are opened in the context of the site listed in the 'address bar', regardless of the original location. An attacker can exploit this issue to execute arbitrary HTML or script code in the victim's browser in the context of the affected site. This may let the attacker steal cookie-based authentication credentials or launch other attacks. A successful exploit of this issue would require the victim user to visit a malicious page where a popup is blocked, then visit a trusted site and then accept the blocked popup.
MFSA2006-64 - Firefox, Thunderbird, and SeaMonkey are prone to multiple memory-corruption vulnerabilities. While most of these issues result in denial-of-service conditions, some may be exploitable to execute arbitrary code.
The issues described here will be split into individual BIDs as more information becomes available.
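As an added illustration of the kind of check the signature description refers to (not the signature's actual logic and not Mozilla's code), the following JavaScript classifies a regular-expression source string and flags the shape described in MFSA2006-57: a pattern ending with a backslash inside an unterminated character set. The function names, result labels and sample patterns are assumptions constructed for this example.

```javascript
// Added example. Walks a regex source string with a two-state scanner
// (inside / outside a [...] character set) and reports how it ends.
function classifyRegexSource(src) {
  let inClass = false;
  let i = 0;
  while (i < src.length) {
    const ch = src[i];
    if (ch === '\\') {
      if (i === src.length - 1) {
        // Backslash is the final character, so there is nothing left to escape.
        return inClass ? 'trailing-backslash-in-open-class' : 'trailing-backslash';
      }
      i += 2; // skip the escaped character, e.g. \] does not close the set
      continue;
    }
    if (!inClass && ch === '[') inClass = true;
    else if (inClass && ch === ']') inClass = false;
    i += 1;
  }
  return inClass ? 'unterminated-class' : 'ok';
}

// Cross-check: a correct regex engine rejects these patterns with a
// SyntaxError instead of reading past the end of the pattern buffer.
function engineRejects(src) {
  try {
    new RegExp(src);
    return false;
  } catch (e) {
    return e instanceof SyntaxError;
  }
}

// Constructed sample patterns (regex source text, not taken from the advisory,
// except the '[\' shape it names).
const SAMPLES = ['[\\', 'abc\\', '[abc', '[a\\]]', '\\[\\\\', '[a-z]+\\d'];

// Returns only the samples a filter would flag, with the reason.
function flagSamples(samples) {
  return samples
    .map((src) => ({ src, verdict: classifyRegexSource(src) }))
    .filter((r) => r.verdict !== 'ok');
}
```

On the constructed samples, the scanner's verdict agrees with whether the runtime's own `RegExp` constructor rejects the pattern.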
These issues are fixed in:
- Mozilla Firefox version 22.214.171.124
- Mozilla Thunderbird version 126.96.36.199
- Mozilla SeaMonkey version 1.0.5
- Avaya CVLAN
- Avaya Integrated Management
- Avaya Interactive Response
- Avaya Messaging Storage Server MM3.0
- Debian Linux 3.1, 3.1 alpha, 3.1 amd64, 3.1 arm, 3.1 hppa, 3.1 ia-32, 3.1 ia-64, 3.1 m68k, 3.1 mips, 3.1 mipsel, 3.1 ppc, 3.1 s/390, 3.1 sparc
- Galeon Galeon Browser 1.3.21
- Gentoo Linux
- GNOME Epiphany 1.6.5
- HP HP-UX B.11.11, B.11.23
- MandrakeSoft Corporate Server 3.0, 3.0 x86_64, 4.0, 4.0 x86_64
- MandrakeSoft Linux Mandrake 2006.0, 2006.0 x86_64
- Mozilla Camino 0.7.0, 0.8, 0.8.3, 0.8.4, 1.0, 1.0.1, 1.0.2
- Mozilla Firefox Preview Release, 0.8, 0.9, 0.9 rc, 0.9.1, 0.9.2, 0.9.3, 0.10, 0.10.1, 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.5, 1.5.6, 1.5 beta 1, 1.5 beta 2, 2.0 beta 1
- Mozilla SeaMonkey 1.0, 1.0 dev, 1.0.1, 1.0.2, 1.0.3
- Mozilla Thunderbird 0.6, 0.7, 0.7.1, 0.7.2, 0.7.3, 0.8, 0.9, 1.0, 1.0.1, 1.0.2, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.5, 1.5 beta 2
- Novell Linux Desktop 9
- RedHat Advanced Workstation for the Itanium Processor 2.1, 2.1 IA64
- RedHat Desktop 3.0, 4.0
- RedHat Enterprise Linux AS 2.1, AS 2.1 IA64, AS 3, AS 4, ES 2.1, ES 2.1 IA64, ES 3, ES 4, WS 2.1, WS 2.1 IA64, WS 3, WS 4
- rPath rPath Linux 1
- S.u.S.E. Linux Personal 10.1, 9.2, 9.3, 10.0 OSS
- S.u.S.E. Linux Professional 9.2, 9.3, 10.0, 10.1
- S.u.S.E. SUSE Linux Enterprise Desktop 10
- S.u.S.E. SUSE Linux Enterprise Server 10
- SGI Advanced Linux Environment 3.0
- Slackware Linux -current, 10.2
- Ubuntu Ubuntu Linux 5.0 4 amd64, 5.0 4 i386, 5.0 4 powerpc, 5.10 amd64, 5.10 i386, 5.10 powerpc, 5.10 sparc, 6.6 LTS amd64, 6.6 LTS i386, 6.6 LTS powerpc, 6.6 LTS sparc