Intrusion Prevention

Firefox.Proxy.Prototype.Privileged.JavaScript.Injection

Description

This indicates an attack attempt against a Command Injection vulnerability in Mozilla Firefox and SeaMonkey.
The vulnerability is due to an input validation error while parsing a crafted JavaScript. A remote attacker could exploit this to execute arbitrary code within the context of the application, via a crafted JavaScript.

Affected Products

Mozilla Firefox version 35.0 and prior
Mozilla SeaMonkey version 2.32 and prior

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://bugzilla.mozilla.org/show_bug.cgi?id=1120261

CVE References

CVE-2014-8636