Intrusion Prevention

Mozilla.Firefox.iframe.designMode.Remote.DoS

Description

This indicates an attack attempt against a Memory Corruption vulnerability in Mozilla Firefox.
The vulnerability is caused by an error when the vulnerable software handles malformed JavaScript code, when "designMode" is set. It may allow remote attackers to execute arbitrary code by sending a crafted web page.

Affected Products

Mozilla Firefox 1.5 beta 2
Mozilla Firefox 1.5 beta 1
Mozilla Firefox 1.5
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.1
Debian: Debian Linux 3.1
Hewlett-Packard Company: Tru64 UNIX Any version

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version of Firefox (1.5.0.3 or later), as listed in Mozilla Foundation Security Advisory 2006-30.
For Debian GNU/Linux (Mozilla):
Refer to Debian Security Advisory DSA-1053-1 for patch, upgrade, or suggested workaround information.
For Debian GNU/Linux (Firefox):
Refer to Debian Security Advisory DSA-1055-1 for patch, upgrade, or suggested workaround information.
For HP Tru64 UNIX:
Refer to Hewlett-Packard Company Security Bulletin HPSBTU02118 SSRT061145 for patch, upgrade, or suggested workaround information.

CVE References

CVE-2006-1993