Intrusion Prevention

Mozilla.Frame.Comment.Objects.Manipulation.Memory.Corruption

Description

This indicates an attack attempt to exploit a memory corruption vulnerability
in Mozilla Foundation's family of browser products.
The vulnerability is caused by an error when the vulnerable software handles the document appended with an SVG comment DOM node. It may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause the program to crash, resulting in a denial of service condition.

Affected Products

Mozilla Firefox versions prior to 2.0.0.1
Mozilla Firefox versions prior to 1.5.0.9
Mozilla Thunderbird versions prior to 1.5.0.9
Mozilla SeaMonkey versions prior to 1.0.7

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade Mozilla Firefox
http://www.mozilla.com/firefox/
Upgrade Mozilla Thunderbird
http://www.mozilla.com/thunderbird/
Upgrade Mozilla SeaMonkey
http://www.mozilla.org/projects/seamonkey/

CVE References

CVE-2006-6504