HTTP: Mozilla Firefox XUL Tree Element Code Execution

A memory corruption vulnerability exists in Mozilla Firefox. The flaw is caused by a dangling pointer that arises while processing a malicious XUL document. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page. In a successful attack, where arbitrary code is injected and executed on the vulnerable target host, the behaviour of the target system depends on the malicious code. Any code executed by the attacker runs with the privileges of the logged-in user. If code execution fails, the vulnerable application terminates abnormally while parsing the malicious document.

Extended Description

Mozilla Firefox is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the application and possibly the computer. Failed attacks will cause denial-of-service conditions. Versions prior to Firefox 3.0.8 are vulnerable.

Affected Products

Debian Linux

References

BugTraq: 34181

CVE: CVE-2009-1044

Short Name: HTTP:STC:MOZILLA:XUL-TREE

Severity: Major

Recommended: False

Recommended Action: Drop

Category: HTTP

Keywords: CVE-2009-1044 Code Element Execution Firefox Mozilla Tree XUL bid:34181

Release Date: 10/19/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3339

False Positive: Unknown
Vendors

Red_hat

Suse

Mozilla

Turbolinux

Avaya

Pardus

Slackware

Ubuntu

Debian

CVSS Score

9.3
