Update Protection against Mozilla Firefox nsPropertyTable PropertyList Memory Corruption
| Check Point Reference: | CPAI-2010-118 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory SA36671 | |
| Industry Reference(s): | CVE-2009-3070 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Mozilla Foundation Firefox 3.5.x prior to 3.5.3 Mozilla Foundation Firefox 3.0.x prior to 3.0.14 | ||
| Vulnerability Description A memory corruption vulnerability has been reported in Mozilla Firefox web browser. The vulnerability is due to improper handling of PropertyLists in nsPropertyTable while parsing a specially crafted web page. Remote attackers can exploit this vulnerability by convincing a target user to visit a malicious web page, potentially leading to arbitrary code injection and execution on the target system. |
||
|
Update/Patch Available The vendor, Mozilla Foundation, has released an advisory addressing this vulnerability. |
|
|
Vulnerability Details The vulnerability can be exploited to spoof the URL of a trusted site via Unicode characters having a tall line-height. Successful exploitation could result in arbitrary code injection and execution with the privileges of the logged in user. |
Protection Overview
This protection will detect and block HTML documents with some combination of invalid position property lists.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.