Intrusion Prevention

Mozilla.Browsers.JavaScript.Navigator.Object.Memory.Corruption

Description

This indicates an attack attempt against a remote code-execution vulnerability in Mozilla browsers.
The vulnerability is caused by an error in how the vulnerable software handles invalid values of the JavaScript window.navigator object. A remote attacker can exploit it to execute arbitrary code by sending a crafted web page.

Affected Products

Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Slackware Linux 10.2
Slackware Linux -current
rPath rPath Linux 1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Netscape Browser 8.1
Mozilla SeaMonkey 1.0.2
Mozilla SeaMonkey 1.0.1
Mozilla SeaMonkey 1.0 dev
Mozilla SeaMonkey 1.0
Mozilla Firefox 1.5 beta 2
Mozilla Firefox 1.5 beta 1
Mozilla Firefox 1.5 .4
Mozilla Firefox 1.5 .3
Mozilla Firefox 1.5
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.1
Mozilla Camino 1.0.2
Mozilla Camino 1.0.1
Mozilla Camino 0.8.4
Mozilla Camino 0.8.3
Mozilla Camino 0.8
Mozilla Camino 0.7 .0
Mozilla Camino 1.0
MandrakeSoft Linux Mandrake 2006.0 x86_64
MandrakeSoft Linux Mandrake 2006.0
K-Meleon K-Meleon 1.0
Gentoo Linux
Flock Flock 0.7.3 2

Impact

Execute arbitrary code

Recommended Actions

Refer to Mozilla Foundation Security Advisory 2006-45 for upgrade information or the suggested workaround:
http://www.mozilla.org/security/announce/2006/mfsa2006-45.html

CVE References

CVE-2006-3677