Mozilla.Firefox.XMLSerializer.Use.After.Free
Description
This indicates an attack attempt against a Use-After-Free vulnerability in Mozilla Firefox.
The vulnerability is caused by an error when the vulnerable software handles a used element's property. An attacker can exploit this by tricking an unsuspecting user into visiting a malicious webpage and execute arbitrary script code within the context of the application.
Affected Products
Mozilla Firefox 18.0 and prior
Mozilla Firefox ESR 10.0.12 and prior
Mozilla Firefox ESR 17.0.2 and prior
Mozilla Thunderbird 17.0.2 and prior
Mozilla Thunderbird ESR 10.0.12 and prior
Mozilla Thunderbird ESR 17.0.2 and prior
Mozilla SeaMonkey 2.15 and prior
Impact
System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.
Recommended Actions
Refer to the vendor's Web site for suggested workaround.
http://www.mozilla.org/security/announce/2013/mfsa2013-16.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |