HTTP: Mozilla Firefox Browser Engine Memory Corruption (CVE-2009-1392)

This signature detects attempts to exploit a known vulnerability against Mozilla Firefox. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Extended Description

The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey. Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges; other attacks are also possible. NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID: 35360 Mozilla Firefox 'NPObject' Access Remote Code Execution Vulnerability 35370 Mozilla Firefox/Thunderbird/SeaMonkey Multiple Browser Engine Memory Corruption Vulnerabilities 35373 Mozilla Firefox and SeaMonkey JavaScript Chrome Privilege Escalation Vulnerability 35371 Mozilla Firefox/Thunderbird/SeaMonkey Double Frame Construction Memory Corruption Vulnerability 35372 Mozilla Firefox/Thunderbird/SeaMonkey Multiple JavaScript Engine Memory Corruption Vulnerabilities 35377 Mozilla Firefox/Thunderbird/SeaMonkey XUL Scripts Content-Policy Check Security Bypass Vulnerability 35380 Mozilla Firefox/Thunderbird/SeaMonkey Malicious Proxy HTTPS Man In The Middle Vulnerability 35383 Mozilla Firefox/Thunderbird/SeaMonkey Null Owner Document Arbitrary Code Execution Vulnerability 35386 Mozilla Firefox/Thunderbird/SeaMonkey 'file://' URI Security Bypass Vulnerability 35386 Mozilla Firefox/Thunderbird/SeaMonkey 'file://' URI Security Bypass Vulnerability 35388 Mozilla Firefox/SeaMonkey Address Bar URI Spoofing Vulnerability

Affected Products

Mozilla thunderbird

References

BugTraq: 35326

CVE: CVE-2009-1392

Short Name
HTTP:STC:MOZILLA:FIREFOX-ENG-MC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
(CVE-2009-1392) Browser CVE-2009-1392 Corruption Engine Firefox Memory Mozilla bid:35326
Release Date
07/21/2011
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Mozilla

Pardus

CVSS Score

9.3

Found a potential security threat?