Signature Detail

HTTP: Mozilla Multiple Products IDBKeyRange Use After Free Memory Corruption

This signature detects attempts to exploit a known vulnerability against Mozilla Firefox, Thunderbird and SeaMonkey. A successful attack can lead to arbitrary code execution.

Extended Description

Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a remote code-execution vulnerability due to a use-after-free condition. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Affected Products

• Mandriva enterprise_server 5
• Mandriva enterprise_server 5 X86 64
• Mandriva linux_mandrake 2010.1
• Mandriva linux_mandrake 2010.1 X86 64
• Mandriva linux_mandrake 2011
• Mandriva linux_mandrake 2011 x86_64
• Moonchild_productions pale_moon 11.0
• Moonchild_productions pale_moon 9.0.1
• Moonchild_productions pale_moon 9.1
• Moonchild_productions pale_moon 9.2
• Mozilla firefox 10
• Mozilla firefox 10.0
• Mozilla firefox 10.0
• Mozilla firefox 10.0.1
• Mozilla firefox 10.0.2
• Mozilla firefox 11.0
• Mozilla firefox_esr 10.0.2
• Mozilla firefox_esr 10.0.3
• Mozilla seamonkey 2.0
• Mozilla seamonkey 2.0.1
• Mozilla seamonkey 2.0.10
• Mozilla seamonkey 2.0.11
• Mozilla seamonkey 2.0.11
• Mozilla seamonkey 2.0.12
• Mozilla seamonkey 2.0.13
• Mozilla seamonkey 2.0.14
• Mozilla seamonkey 2.0.2
• Mozilla seamonkey 2.0.3
• Mozilla seamonkey 2.0.4
• Mozilla seamonkey 2.0.4
• Mozilla seamonkey 2.0.5
• Mozilla seamonkey 2.0.5
• Mozilla seamonkey 2.0.6
• Mozilla seamonkey 2.0.7
• Mozilla seamonkey 2.0.8
• Mozilla seamonkey 2.0.9
• Mozilla seamonkey 2.0.9
• Mozilla seamonkey 2.0 Alpha 1
• Mozilla seamonkey 2.0 Alpha 2
• Mozilla seamonkey 2.0 Alpha 3
• Mozilla seamonkey 2.0 Beta 1
• Mozilla seamonkey 2.0 Beta 2
• Mozilla seamonkey 2.0 Rc1
• Mozilla seamonkey 2.0 Rc2
• Mozilla seamonkey 2.1
• Mozilla seamonkey 2.1 Alpha1
• Mozilla seamonkey 2.1 Alpha2
• Mozilla seamonkey 2.1 Alpha3
• Mozilla seamonkey 2.1b2
• Mozilla seamonkey 2.2
• Mozilla seamonkey 2.2
• Mozilla seamonkey 2.3
• Mozilla seamonkey 2.4
• Mozilla seamonkey 2.5
• Mozilla seamonkey 2.6
• Mozilla seamonkey 2.7
• Mozilla seamonkey 2.7.1
• Mozilla seamonkey 2.7.2
• Mozilla seamonkey 2.8
• Mozilla thunderbird 10.0
• Mozilla thunderbird 10.0
• Mozilla thunderbird 10.0
• Mozilla thunderbird 10.0.1
• Mozilla thunderbird 10.0.2
• Mozilla thunderbird 11.0
• Mozilla thunderbird_esr 10.0.2
• Mozilla thunderbird_esr 10.0.3
• Oracle enterprise_linux 5
• Oracle enterprise_linux 6
• Oracle enterprise_linux 6.2
• Red_hat enterprise_linux 5 Server
• Red_hat enterprise_linux_desktop 5 Client
• Red_hat enterprise_linux_desktop 6
• Red_hat enterprise_linux_desktop_optional 6
• Red_hat enterprise_linux_desktop_workstation 5 Client
• Red_hat enterprise_linux_hpc_node_optional 6
• Red_hat enterprise_linux_optional_productivity_application 5 Server
• Red_hat enterprise_linux_server 6
• Red_hat enterprise_linux_server_optional 6
• Red_hat enterprise_linux_workstation 6
• Red_hat enterprise_linux_workstation_optional 6
• Red_hat fedora 16
• Suse suse_linux_enterprise_desktop 10 SP4
• Suse suse_linux_enterprise_desktop 11 SP1
• Suse suse_linux_enterprise_desktop 11 SP2
• Suse suse_linux_enterprise_sdk 10 SP4
• Suse suse_linux_enterprise_sdk 11 SP1
• Suse suse_linux_enterprise_sdk 11 SP2
• Suse suse_linux_enterprise_server 10 SP4
• Suse suse_linux_enterprise_server 11 SP1
• Suse suse_linux_enterprise_server 11 SP2
• Suse suse_linux_enterprise_server_for_vmware 11 SP1
• Ubuntu ubuntu_linux 10.04 Amd64
• Ubuntu ubuntu_linux 10.04 ARM
• Ubuntu ubuntu_linux 10.04 I386
• Ubuntu ubuntu_linux 10.04 Powerpc
• Ubuntu ubuntu_linux 10.04 Sparc
• Ubuntu ubuntu_linux 11.04 amd64
• Ubuntu ubuntu_linux 11.04 ARM
• Ubuntu ubuntu_linux 11.04 i386
• Ubuntu ubuntu_linux 11.04 powerpc
• Ubuntu ubuntu_linux 11.10 amd64
• Ubuntu ubuntu_linux 11.10 i386
• Ubuntu ubuntu_linux 12.04 LTS amd64
• Ubuntu ubuntu_linux 12.04 LTS i386

References

• BugTraq: 53220
• CVE: CVE-2012-0469