|Check Point Reference:||CPAI-2005-302|
|Date Published:||6 Oct 2009|
|Last Updated:||9 May 2017|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||The Firefox and Mozilla web browsers are applications designed for tasks related to browsing the web, such as displaying HTML-encoded pages, downloading files, and so on. The web browser is capable of rendering Unicode characters contained in web pages, which allows unconventional characters from different languages to be displayed as text. The browser can also render text in both right-to-left and left-to-right directions. This is necessary because languages such as Arabic are read and written from right to left. There exists a buffer overflow vulnerability in the Mozilla/Firefox web browser. The flaw is caused by improper handling of abnormal Unicode sequences. By enticing a target user to open a malicious web page, a remote attacker may exploit this vulnerability to inject and execute arbitrary code with the privileges of the currently logged-on user. In an attack scenario where an attacker attempts to inject and execute arbitrary code on the target machine, the behaviour of the target depends on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of the attack.|
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Web Client Enforcement Violation.
Attack Information: Mozilla Firefox Unicode sequence handling stack corruption