Intrusion Prevention

Mozilla.Firefox.XSL.Parsing.Memory.Corruption

Description

This indicates an attack attempt to exploit a memory-corruption vulnerability in Mozilla.
This vulnerability is caused by an error when the vulnerable software is parsing an XLS file that includes a malicious "xsl:key" elment. It allows a remote attacker to crash the vulnerable software via sending a crafted XLS file.

Affected Products

Mozilla Firefox before 3.0.8
Mozilla SeaMonkey before 1.1.16

Impact

System Compromise: Remote attackers can crash vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the vendor's web site:
http://www.mozilla.com/en-US/