HTTP: Mozilla TypeObject Handling Use-after-free Arbitrary Code Execution
This signature detects attempts to exploit a known vulnerability against Mozilla Firefox. A successful attack can lead to arbitrary code execution.
Extended Description
Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.
Affected Products
Redhat enterprise_linux_server_eus
References
BugTraq: 66209
CVE: CVE-2014-1512
URL: https://www.mozilla.org/security/announce/2014/mfsa2014-30.html
Short Name
HTTP:STC:MOZILLA:TYPE-OBJ-RCE
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Arbitrary CVE-2014-1512 Code Execution Handling Mozilla TypeObject Use-after-free bid:66209
Release Date
10/20/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Suse
Redhat
Mozilla
Opensuse
Debian
Canonical
CVSS Score
10.0