This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects remote code execution vulnerability in Mozilla Firefox/SeaMonkey.
Firefox is a browser. SeaMonkey is a suite of applications that includes a browser and an email client. Both applications are available for multiple platforms.
Mozilla Firefox and SeaMonkey are prone to a remote code-execution vulnerability because of a dangling-pointer issue. The problem occurs due to a failure to properly handle user-defined functions of a 'nsTreeSelection' element.
An attacker can exploit this issue by enticing an unsuspecting user into viewing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
This issue is fixed in:
NOTE: This issue was previously discussed in BID 47635 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-12 through -18 Multiple Vulnerabilities) but has been moved to its own record to better document it.
- Mozilla Firefox 3.6.x
- Mozilla Firefox 3.5.x
Updates are available. Please see the references for more information.