This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects an attempt of leveraging a vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey which may leads to arbitrary code execution.
Firefox is a browser. SeaMonkey is a suite of applications that includes a browser and an email client. Thunderbird is an email client. All three applications are available for multiple platforms.
The applications are prone to a remote code execution vulnerability. Specifically, this issue occurs when generating a Certificate Request Message Format (CRMF) request.
Attackers can exploit this vulnerability to execute arbitrary code in the context of the user running the vulnerable application, execute arbitrary script code in the browser of an unsuspecting user in the context of a targeted site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
- Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20.