HTTP: Firefox Navigator Object Code Execution
This signature detects attempts to exploit a known vulnerability against Mozilla Firefox. A successful attack can lead to arbitrary code execution.
Extended Description
Mozilla Firefox is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input before using it to create new JavaScript objects. Successful exploits may allow an attacker to crash the application or execute arbitrary machine code in the context of the affected application. This issue was previously discussed in BID 19181 (Mozilla Multiple Products Remote Vulnerabilities). It has been assigned a separate BID because new information has become available.
Affected Products
Mozilla seamonkey
References
BugTraq: 19192
CVE: CVE-2006-3677
URL: http://browserfun.blogspot.com/2006/07/mobb-28-mozilla-navigator-object.html
Short Name
HTTP:STC:MOZILLA:NAV-OBJ-EXEC
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2006-3677 Code Execution Firefox Navigator Object bid:19192
Release Date
09/11/2009
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Red_hat
Gentoo
K-meleon
Rpath
Mozilla
Slackware
Ubuntu
Mandriva
Flock
Netscape
CVSS Score
7.5