BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Mozilla Document.write DOM Insertion Heap Overflow

Disclosed October 26, 2010    Fully Patched

Vulnerability Description:

Multiple Mozilla products contain a heap-based buffer overflow vulnerability when handling document.write and DOM insertion. Successful exploitation could allow remote attackers to execute arbitrary code with the privileges of the logged in user. There are reports of this vulnerability being actively exploited in-the-wild.

Vendors:

Mozilla

Vulnerable Software/Devices:

Firefox 3.6.11 and prior
Firefox 3.5.14 and prior
Thunderbird 3.1.5 and prior
Thunderbird 3.0.9 and prior
SeaMonkey 2.0.9 and prior

Vulnerability Severity:

High

Exploit Availability:

N/A

Exploit Impact:

Remote Code Execution
Remote Code Execution under current user's privileges This client-side vulnerability may be exploited by an attacker by tricking the user into viewing a malicious website. Once successfully exploited, the attacker gains the ability to remotely execute arbitrary code with the same permissions as the user that is currently logged in. If the user is an administrator, the attacker could install malicious software and further compromise the system.

BeyondTrust Prevention and Detection:

  • BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
    • Retina Audit ID 13690 - Mozilla Document.write DOM Insertion Buffer Overflow (20101027) - Windows
    • Retina Audit ID 13691 - Mozilla Document.write DOM Insertion Buffer Overflow (20101027) - UNIX/Linux
    • Retina Audit ID 13692 - Mozilla Document.write DOM Insertion Buffer Overflow (20101027) - Mac OS X

Mitigation:

Update to Firefox 3.6.12, Firefox 3.5.15, Thunderbird 3.1.6, Thunderbird 3.0.10, SeaMonkey 2.0.10, or newer version of these products.

Links:

CVE(s):

None

Leave a Reply