HTTP: Mozilla JavaScript String Replace Buffer Overflow

This signature detects attempts to exploit a known heap buffer overflow vulnerability in Mozilla Firefox and SeaMonkey products. The vulnerability is due to improper processing of a crafted substring when performing the replace operation in JavaScript. A remote attacker can exploit this by enticing target users to visit a malicious Web page. A successful attack can lead to arbitrary code execution with the privileges of the logged-in user. In an unsuccessful attack, the Web browser terminates abnormally.

Extended Description

The Mozilla Foundation has released multiple advisories to address vulnerabilities in Firefox. An attacker can exploit these issues to obtain potentially sensitive information, execute arbitrary code, elevate privileges, and cause denial-of-service conditions.

Affected Products

Pardus linux_2009

References

BugTraq: 36343

CVE: CVE-2009-3075

Short Name
HTTP:STC:MOZILLA:STR-REPLACE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2009-3075 JavaScript Mozilla Overflow Replace String bid:36343
Release Date
10/19/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Red_hat

Suse

Sun

Mozilla

Turbolinux

Avaya

Pardus

Slackware

Ubuntu

Mandriva

Debian

CVSS Score

10.0
