HTTP: Mozilla Product WAV Processing Buffer Overflow

This signature detects attempts to exploit a known vulnerability in Mozilla Product. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Extended Description

Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

Affected Products

Mozilla thunderbird_esr

References

BugTraq: 56135

CVE: CVE-2012-4186

Short Name
HTTP:STC:DL:MOZILLA-WAV-BOF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2012-4186 Mozilla Overflow Processing Product WAV bid:56135
Release Date
10/30/2012
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3751
False Positive
Unknown
Vendors

Mozilla

Suse

Debian

Redhat

Canonical

CVSS Score

9.3

Found a potential security threat?