Check Point Advisories

Mozilla Firefox Unicode Sequence Handling Stack Corruption (CVE-2005-2702)

Check Point Reference: CPAI-2005-302
Date Published: 6 Oct 2009
Severity: High
Last Updated: 9 May 2017
Industry Reference:CVE-2005-2702
Protection Provided by:

Security Gateway
R80, R77, R76, R75

Who is Vulnerable?
Vulnerability Description The Firefox and Mozilla web browsers are applications designed for tasks related to browsing the web, such as displaying HTML encoded pages, downloading files, and so on. The web browser is capable of rendering Unicode characters contained in web pages which allows unconventional characters from different languages to be displayed as text. The browser can also render text in both right-to-left, and left-to-right directions. This is necessary as languages such as Arabic are read and written from right to left.There exists a buffer overflow vulnerability in the Mozilla/Firefox web browser. The flaw is caused by improper handling of abnormal Unicode sequences. By enticing a target user to open a malicious web page, a remote attacker may exploit this vulnerability to inject and execute arbitrary code with the privileges of the currently logged on user.In an attack scenario, where arbitrary code is attempted to be injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of the attack.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability

In order for the protection to be activated, update your Security Gateway product to the latest IPS update.For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R76 / R75

  1. In the IPS tab, click Protections and find the Mozilla Firefox Unicode Sequence Handling Stack Corruption protection using the Search tool and Edit the protection's settings.
  2. Install policy on all modules.

This protection's log will contain the following information:

Attack Name:  Web Client Enforcement Violation.
Attack Information:  Mozilla Firefox Unicode sequence handling stack corruption

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO