Mozilla.Firefox.iframe.designMode.Code.Execution
Description
This indicates an attack attempt against a memory-corruption vulnerability in Mozilla Firefox.
This issue is caused by an error when the vulnerable software handles malformed JavaScript code when "designMode" is set. It may allow remote attackers to execute arbitrary code by sending a crafted web page.
Affected Products
Mozilla Firefox 1.5 beta 2
Mozilla Firefox 1.5 beta 1
Mozilla Firefox 1.5
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.1
Debian: Debian Linux 3.1
Hewlett-Packard Company: Tru64 UNIX Any version
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to the latest version of Firefox (1.5.0.3 or later), as listed in Mozilla Foundation Security Advisory 2006-30.
For Debian GNU/Linux (Mozilla):
Refer to Debian Security Advisory DSA-1053-1 for patch, upgrade, or suggested workaround information.
For Debian GNU/Linux (Firefox):
Refer to Debian Security Advisory DSA-1055-1 for patch, upgrade, or suggested workaround information.
For HP Tru64 UNIX:
Refer to Hewlett-Packard Company Security Bulletin HPSBTU02118 SSRT061145 for patch, upgrade, or suggested workaround information.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |