Update Protection against Mozilla Firefox nsDirIndexParser Overflow
| Check Point Reference: | CPAI-2008-242 | |
| Date Published: | ||
| Severity: | ||
| Source: | Security Focus Bugtraq ID: 32281 | |
| Industry Reference(s): | CVE-2008-0017 | |
| Protection Provided by: |
IPS-1
|
|
| Who is Vulnerable? Firefox 3.0.4 Firefox 2.0.0.18 SeaMonkey 1.1.13 | ||
| Vulnerability Description The Mozilla Foundation has reported various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey. If expolited, these vulnerabilities may lead to theft of authentication credentials, disclosure of sensitive information, execution of scripts with elevated privileges and execution of arbitrary code. For the attack to be successful an attacker must cause the victim user to browse to a malicious web page or click a link in a malicious email. |
||
|
Update/Patch Available Vendor's advisory: http://www.mozilla.org/security/announce/2008/mfsa2008-54.html |
|
|
Vulnerability Details The vulnerability is caused by a buffer overflow error when parsing the http-index-format MIME type, which could be exploited to execute arbitrary code on a machine using affetced version of Firefox. |
Protection Overview
By enabling this protection, IPS-1 will detect and block HTTP responses with Content-Type of application/http-index-format and a data length of longer than a configurable threshold.
To configure the defense, select your product from the list below and follow the related protection steps.