HTTP: Mozilla Firefox Onreadystatechange Use After Free
This signature detects attempts to exploit a known vulnerability against Mozilla Firefox Web Browser. A successful attack can lead to arbitrary code execution.
Extended Description
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
Affected Products
Mozilla firefox
References
BugTraq: 60778
CVE: CVE-2013-1690
URL: http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
Short Name
HTTP:STC:MOZILLA:READYSTATE-UAF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
After CVE-2013-1690 Firefox Free Mozilla Onreadystatechange Use bid:60778
Release Date
08/09/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3751
False Positive
Unknown
Vendors
Suse
Redhat
Mozilla
Opensuse
Debian
Canonical
CVSS Score
9.3