HTTP: Firefox ConstructFrame First-letter
This signature detects attempts to exploit a known vulnerability in Mozilla Firefox. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.
Extended Description
Mozilla Firefox and Thunderbird are prone to multiple memory-corruption vulnerabilities that attackers can exploit to cause denial-of-service conditions and, in some cases, to run arbitrary code. The vulnerabilities are fixed in Firefox 3.0.12 and 3.5. Mozilla states that Thunderbird is also affected, but doesn't specify the vulnerable and fixed versions. These vulnerabilities were previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but have been assigned this record to better document them.
Affected Products
Pardus linux_2009
Short Name
HTTP:STC:MOZILLA:CONSTRUCTFRAME
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-2462 ConstructFrame Firefox First-letter bid:35765
Release Date
09/29/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3731
False Positive
Unknown
Vendors
Red_hat
Suse
Sun
Mozilla
Pardus
Slackware
Ubuntu
Mandriva
Debian
CVSS Score
10.0