HTTP: Mozilla Firefox SharedWorker MessagePort Use After Free
This signature detects attempts to exploit a known vulnerability against Mozilla Firefox. The vulnerability is due to a memory corruption issue when handling SharedWorker objects. A remote unauthenticated attacker could exploit this vulnerability by enticing a user to visit a malicious page. Successful exploitation could lead to remote code execution under the security context of the browser process.
Extended Description
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Affected Products
Mozilla thunderbird
Short Name
HTTP:STC:MOZILLA:SHAREDWORK-UAF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
After CVE-2014-1548 Firefox Free MessagePort Mozilla SharedWorker Use bid:68818
Release Date
08/06/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3830
False Positive
Unknown
Vendors
Mozilla
CVSS Score
10.0