iPolicy Networks Security Advisory
 

Mozilla Products HTML Parser Memory Corruption Vulnerability

Date Discovered: 02/22/2010
Severity: High
Application Affected: Mozilla Firefox 3.0.17 and earlier
Mozilla Firefox 3.5.7 and earlier
Mozilla Thunderbird 3.0.1 and earlier
Mozilla SeaMonkey 2.0.2 and earlier
Type: Remote
Identifiers: CVE-2009-1571
Synopsis

Mozilla Firefox, Thunderbird and SeaMonkey are prone to a memory corruption vulnerability that could be exploited to execute arbitrary code or cause a denial of service condition on the affected system.
Recommended Actions
Upgrade to the latest version:
http://www.mozilla.com/firefox
http://www.mozilla.com/thunderbird
http://www.mozilla.org/projects/seamonkey
Threat Analysis

Mozilla Firefox, Thunderbird and SeaMonkey are well-known web applications. A memory corruption vulnerability exists in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2 and SeaMonkey before 2.0.3.

The flaw is due to a use-after-free error in the HTML parser. Successful exploitation may allow remote attackers to execute arbitrary code, cause a denial of service condition, or possibly crash the browser on the vulnerable system via a specially crafted web page.
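To find clients that still need the upgrade, the version ranges above can be matched against User-Agent values from proxy or web server logs. The following is an added example, not part of the original advisory; the sample User-Agent strings are constructed, and the function names are hypothetical.

```python
import re

# Ranges from the advisory: a version v is flagged when floor <= v < first_fixed.
# Firefox has two branches (3.0.x fixed in 3.0.18, 3.5.x fixed in 3.5.8).
AFFECTED = {
    "SeaMonkey":   [((0,), (2, 0, 3))],
    "Thunderbird": [((0,), (3, 0, 2))],
    "Firefox":     [((0,), (3, 0, 18)), ((3, 5), (3, 5, 8))],
}

# A derived product may also carry a Firefox compatibility token, so the
# more specific product names are checked first.
PRIORITY = ("SeaMonkey", "Thunderbird", "Firefox")
TOKEN = re.compile(r"\b(SeaMonkey|Thunderbird|Firefox)/(\d+(?:\.\d+)*)")

# Constructed sample User-Agent values (not taken from real traffic).
SAMPLES = [
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.17) Gecko/2009122116 Firefox/3.0.17",
    "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1",
    "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20100104 SeaMonkey/2.0.2",
    "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100205 Firefox/3.5.7 SeaMonkey/2.0.3",
]


def parse_product(user_agent):
    """Return (product, version_tuple) for the most specific token, or None."""
    found = {name: ver for name, ver in TOKEN.findall(user_agent)}
    for name in PRIORITY:
        if name in found:
            return name, tuple(int(p) for p in found[name].split("."))
    return None


def is_affected(user_agent):
    """True when the User-Agent reports a release the advisory lists as affected."""
    parsed = parse_product(user_agent)
    if parsed is None:
        return False
    product, version = parsed
    return any(floor <= version < fixed for floor, fixed in AFFECTED[product])


if __name__ == "__main__":
    for ua in SAMPLES:
        print("AFFECTED" if is_affected(ua) else "ok      ", ua)
```

User-Agent values can be altered or absent, so treat a match as a triage signal and confirm the installed version on the host.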
References

http://www.securityfocus.com/bid/38287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1571
http://www.mozilla.org/security/announce/2010/mfsa2010-03.html

Write-up by: Dheeraj Johri
