Overview
» IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Mozilla Firefox Layout Engine Denial of Service Vulnerabilities
Date Discovered: 9/24/2008
Severity: High
Applications Affected: Mozilla Firefox 3.x before 3.0.2
Synopsis
Denial of Service (DOS) vulnerability has been discovered in Mozilla Firefox 3.x before 3.0.2. A remote attacker can execute arbitrary code to the target user's system and make memory corruption and the application crash. Remote attackers can successfully exploit this vulnerability by vector related to the layout engine.
Recommended Actions
Update with latest patch.
http://www.mozilla.com/en-US/products
Threat Analysis
Firefox is Mozilla's award-winning next generation Web browser. Mozilla Firefox is an Internet browser that we can use to browse the web pages and search the Web. Mozilla components have been designed using the concept of Document Object Model (DOM). The Document Object Model is a programming interface for HTML and XML documents. Its components act as an interface that allows scripts to dynamically access and update the content, structure and style of (HTML/XML) documents.

Denial of Service vulnerability has been found in Mozilla Firefox in which a remote attacker can execute arbitrary code via vectors related to layout engine and a zero value of the "this" variable in the nsContentList::Item function; interaction of the indic IME extension, a Hindi language selection, and the "g" character; and interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames. After successful exploitation a remote attacker can execute arbitrary malicious code in security context of logged-in user.
References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4063
http://www.security-database.com/detail.php?alert=CVE-2008-4063
Write-up by: Gaurav Bajpai
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Product Division of Tech Mahindra Limited | Privacy Policy | Site Map