Update Protection against Mozilla Firefox Browser Engine Memory Corruption

Vulnerability
Protection

Check Point Reference:	CPAI-2010-115
Date Published:
Severity:
Source:	Secunia Advisory SA35331
Industry Reference(s):	CVE-2009-1392
Protection Provided by:	IPS-1 IPS-1 IPS-1 NGX R65
Who is Vulnerable? Mozilla Foundation Firefox Prior to 3.0.11
Vulnerability Description A memory corruption was reported in vulnerability in Mozilla Firefox. This flaw is due to the way Mozilla Firefox handles firstletter CSS style elements. A remote attacker can exploit this vulnerability by persuading a target user to open a malicious webpage. Successful exploitation could allow for remote code execution.

Update/Patch Available The vendor, Mozilla Foundation, has released an advisory to address this vulnerability.
Vulnerability Details The vulnerability is due to an implementation error when handling the CSS pseudo-element: first-letter. A remote attacker could exploit this vulnerability by persuading a target user to open a specially crafted web page. Successful exploitation could lead to remote code execution on the target system.

Protection Overview
This protection will detect and block HTML files that contain an invalid use of the CSS element whiteSpace.

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Web Intelligence > HTML, and select the Exploit Specific Protections protection group.
3. Click Exploit Specific Protections (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?

Upon attack, the following entries will be logged:

Alert Name: Exploit Specific Protections
Description: Exploit Specific Protections

Legal Notice for Threat Center Advisories