
Attack: Mozilla 'nsTreeRange' CVE-2011-0073

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote code execution vulnerability in Mozilla Firefox/SeaMonkey.

Additional Information

Firefox is a browser. SeaMonkey is a suite of applications that includes a browser and an email client. Both applications are available for multiple platforms.

Mozilla Firefox and SeaMonkey are prone to a remote code-execution vulnerability because of a dangling-pointer issue. The problem occurs due to a failure to properly handle user-defined functions of a 'nsTreeSelection' element.

An attacker can exploit this issue by enticing an unsuspecting user into viewing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue is fixed in:

Firefox 3.6.17
Firefox 3.5.19
SeaMonkey 2.0.14

NOTE: This issue was previously discussed in BID 47635 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-12 through -18 Multiple Vulnerabilities) but has been moved to its own record to better document it.

Affected

  • Mozilla Firefox 3.6.x
  • Mozilla Firefox 3.5.x
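
The fixed releases listed above can be checked against a software inventory. The following is an added example, not part of the original Symantec record. The inventory format, host names and function names are constructed for illustration, and it assumes that earlier releases on a listed branch are unpatched. Branches this page does not list are reported as "not-covered" rather than guessed.

```python
import re

# First fixed patch level per (product, branch), taken from this page.
# Assumption: lower patch levels on the same branch still need the update.
FIXED = {
    ("firefox", (3, 6)): 17,
    ("firefox", (3, 5)): 19,
    ("seamonkey", (2, 0)): 14,
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")

def classify(product, version):
    """Return 'needs-update', 'fixed' or 'not-covered' for one install."""
    text = version.strip()
    m = VERSION_RE.match(text)
    if not m:
        return "not-covered"
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    fixed_patch = FIXED.get((product.strip().lower(), branch))
    if fixed_patch is None:
        return "not-covered"  # branch not listed on the page: make no claim
    prerelease = bool(text[m.end():])  # e.g. "3.6b5" or "3.6.17pre"
    ok = patch > fixed_patch if prerelease else patch >= fixed_patch
    return "fixed" if ok else "needs-update"

def triage(inventory_text):
    """Parse 'host,product,version' lines and classify each install."""
    results = []
    for line in inventory_text.splitlines():
        parts = [field.strip() for field in line.split(",")]
        if len(parts) != 3 or parts[0].startswith("#"):
            continue  # skip blank, comment and malformed lines
        results.append((*parts, classify(parts[1], parts[2])))
    return results

SAMPLE = """\
# host,product,version (constructed sample data)
ws-01,Firefox,3.6.16
ws-02,Firefox,3.6.17
ws-03,Firefox,3.5.9
ws-04,SeaMonkey,2.0.14
ws-05,Firefox,4.0
ws-06,Firefox,3.6b5
"""

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row)
```
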

Response

Updates are available. Please see the references for more information.