Intrusion Prevention

Mozilla.Proto.Tampering.Remote.Code.Execution

Description

This indicates an attempt to exploit a code-execution vulnerability
in Mozilla products.
This vulnerability is caused by an error when the vulnerable software handles the setting of the "window.__proto__.__proto__" object. It allows a remote attacker to execute arbitrary code via sending a malicious web page.

Affected Products

Mozilla Firefox 3.x before 3.0.2
Mozilla Firefox 2.x before 2.0.0.18
Mozilla Thunderbird 2.x before 2.0.0.18
Mozilla SeaMonkey 1.x before 1.1.13

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the following web site:
http://www.mozilla.com/en-US/

CVE References

CVE-2008-5014