iPolicy Networks Security Advisory
 

Mozilla Products Web Worker Function Memory Corruption Vulnerability

Date Discovered: 02/22/2010
Severity: High
Application Affected: Mozilla Firefox 3.0.17 and earlier
Mozilla Firefox 3.5.7 and earlier
Mozilla SeaMonkey 2.0.2 and earlier
Type: Remote
Identifiers: CVE-2010-0160
Synopsis

Mozilla Firefox and SeaMonkey are prone to a memory corruption vulnerability, which could be exploited to cause a denial of service or possibly execute arbitrary code on the affected system.
Recommended Actions
Upgrade to the latest version:
http://www.mozilla.com/firefox
http://www.mozilla.org/projects/seamonkey
Threat Analysis

Mozilla Firefox and SeaMonkey are well-known web applications. A memory corruption vulnerability exists in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and in SeaMonkey before 2.0.3.

The flaw is due to improper handling of array data types for posted messages by the web worker functionality in the application. Successful exploitation may allow remote attackers to execute arbitrary code, cause a denial of service condition, or possibly crash the browser on the vulnerable system via a specially crafted web page.
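
The following Python example is added here and is not from iPolicy Networks or Mozilla; it classifies a version banner or User-Agent string from an asset inventory against the fixed releases named above. The accepted banner formats, the status labels, and the treatment of a pre-release suffix as older than the final release are assumptions.

```python
import re

# Fixed releases as stated in the advisory's Threat Analysis section.
FIREFOX_FIXED = {(3, 0): (3, 0, 18), (3, 5): (3, 5, 8)}  # keyed by branch
SEAMONKEY_FIXED = (2, 0, 3)

# Matches "Mozilla Firefox 3.5.7", "Firefox/3.5.8", "SeaMonkey/2.0.2", "3.5.8pre".
BANNER_RE = re.compile(
    r"\b(firefox|seamonkey)[/ ]+(\d+(?:\.\d+){0,3})([a-z]\w*)?", re.I)


def parse_banner(banner):
    """Return (product, version tuple, is_prerelease), or None if no match."""
    found = {m.group(1).lower(): m for m in BANNER_RE.finditer(banner)}
    m = found.get("seamonkey") or found.get("firefox")  # prefer SeaMonkey token
    if m is None:
        return None
    parts = [int(p) for p in m.group(2).split(".")]
    parts += [0] * (3 - len(parts))  # "3.6" -> (3, 6, 0)
    return m.group(1).lower(), tuple(parts), bool(m.group(3))


def classify(banner):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' (labels assumed)."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unparsed"
    product, version, prerelease = parsed
    if product == "seamonkey":
        fixed = SEAMONKEY_FIXED
    else:
        fixed = FIREFOX_FIXED.get(version[:2])
        if fixed is None:
            return "not-listed"  # Firefox branch the advisory does not mention
    # Assumption: a pre-release build of the fixed version predates the fix.
    if version < fixed or (version == fixed and prerelease):
        return "affected"
    return "fixed"


# Constructed sample inventory (not real telemetry).
SAMPLE = [
    "Mozilla Firefox 3.0.17",
    "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8",
    "Mozilla Firefox 3.5.8pre",
    "SeaMonkey/2.0.2",
    "Mozilla Firefox 3.6",
]

if __name__ == "__main__":
    for banner in SAMPLE:
        print(f"{classify(banner):<11} {banner}")
```

Firefox branches other than 3.0.x and 3.5.x are reported as `not-listed` because the advisory gives no fixed release for them.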
References

http://www.securityfocus.com/bid/38285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0160
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0160
http://www.mozilla.org/security/announce/2010/mfsa2010-02

Write-up by: Dheeraj Johri
