HTTP: Mozilla Firefox File Input Element Memory Corruption

There exists vulnerability in Mozilla Firefox. The vulnerability is due to a race condition when handling a DOM method on a specific HTML form object. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the currently logged on user. In a successful attack, arbitrary code is supplied and executed on the vulnerable target host. The behaviour of the target system is dependent on the malicious code. Note that any code executed by the attacker runs with the privileges of the logged in user. In an attack where code execution fails, the vulnerable application will terminate abnormally while parsing the malicious document.

Extended Description

The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey. Exploiting these issues can allow attackers to: - steal authentication credentials - obtain potentially sensitive information - violate the same-origin policy - execute scripts with elevated privileges - cause denial-of-service conditions - execute arbitrary code Other attacks are also possible. These issues are present in the following applications: Firefox 3.0.3 and prior Firefox 2.0.0.17 and prior Thunderbird: 2.0.0.17 and prior SeaMonkey 1.1.12 and prior

Affected Products

Nortel_networks self-service_media_processing_server,Red_hat fedora

References

BugTraq: 32281

CVE: CVE-2008-5021

Short Name

HTTP:STC:MOZILLA:FIREFOX-INPUT

Severity

Major

Recommended

False

Recommended Action

Drop

HTTP: Mozilla Firefox File Input Element Memory Corruption

Extended Description

Affected Products

References

Found a potential security threat?