Update Protection against Mozilla Firefox Browser Engine Memory Corruption
| Check Point Reference: | CPAI-2010-113 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory SA35331 | |
| Industry Reference(s): | CVE-2009-3382 | |
| Protection Provided by: |
IPS-1
|
|
| Who is Vulnerable? Mozilla Foundation Firefox Prior to 3.0.11 | ||
| Vulnerability Description A memory corruption vulnerability was reported in Mozilla Firefox, a popular Web browser developed by Mozilla Foundation. This flaw is due to the way Mozilla Firefox handles first-letter CSS style elements. A remote attacker can exploit this vulnerability by persuading a target user to open a malicious webpage. Successful attacks could allow for code execution. |
||
|
Update/Patch Available The vendor, Mozilla, has released an advisory to address this vulnerability |
|
|
Vulnerability Details The vulnerability is due to an implementation error when handling the CSS pseudo-element first-letter. A remote attacker could exploit this vulnerability by persuading a target user to open a specially crafted web page. Successful exploitation may allow the attacker to execute arbitrary code on the vulnerable system with the privileges of the target user. |
Protection Overview
The protection will detect and block HTML documents that misuse the CSS pseudo-element :first-letter.
To configure the defense, select your product from the list below and follow the related protection steps.