HTTP Mozilla Firefox JS Obj Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a vulnerability in Mozilla Firefox that may result in remote code execution.

Additional Information

Mozilla Firefox is prone to a remote code-execution vulnerability.

The application fails to properly sanitize user-supplied input before using it to create a new JavaScript object. The vulnerability occurs when assigning unspecified parameters to the 'window.navigator' object. To trigger this vulnerability, an attacker may replace the navigator object before Java starts.

Successful exploits may allow an attacker to crash the application or execute arbitrary machine code in the context of the affected application.

Mozilla Firefox versions 1.5.0 to 1.5.0.4 are vulnerable to this issue.

This issue was previously discussed in BID 19181 (Mozilla Multiple Products Remote Vulnerabilities). It has been assigned a separate BID because new information has become available.

Affected

  • Flock Flock 0.7.3 2
  • Gentoo Linux
  • HP HP-UX B.11.11, B.11.23, B.11.31
  • K-Meleon K-Meleon 1.0
  • MandrakeSoft Linux Mandrake 2006.0, 2006.0 x86_64
  • Mozilla Camino 0.7.0, 0.8, 0.8.3, 0.8.4, 1.0, 1.0.1, 1.0.2
  • Mozilla Firefox 1.5, 1.5 beta 1, 1.5 beta 2
  • Mozilla SeaMonkey 1.0, 1.0 dev, 1.0.1, 1.0.2, 1.0.3
  • Netscape Browser 8.1
  • RedHat Advanced Workstation for the Itanium Processor 2.1, 2.1 IA64
  • RedHat Desktop 3.0, 4.0
  • RedHat Enterprise Linux AS 2.1, AS 2.1 IA64, AS 3, AS 4, ES 2.1, ES 2.1 IA64, ES 3, ES 4, WS 2.1, WS 2.1 IA64, WS 3, WS 4
  • rPath rPath Linux 1
  • Slackware Linux -current, 10.2
  • Ubuntu Ubuntu Linux 5.10 amd64, 5.10 i386, 5.10 powerpc, 5.10 sparc, 6.6 LTS amd64, 6.6 LTS i386, 6.6 LTS powerpc, 6.6 LTS sparc

Response

New versions of Firefox and SeaMonkey are available to address these issues. Most Mozilla applications have self-updating features that may be used to download and install fixes.

Please see the referenced advisories for information on obtaining and applying fixes.